History: Jul 19, 2024 - 12:05 p.m.

CVE-2024-37066

2024-07-19 12:05:11
CWE-78
HiddenLayer
www.cve.org
wyze v4 pro
firmware
command injection
bluetooth
root access

CVSS3: 6.8

Attack Vector: PHYSICAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.001
Percentile: 24.0%

A command injection vulnerability exists in Wyze V4 Pro firmware versions before 4.50.4.9222, which allows attackers to execute arbitrary commands over Bluetooth as root during the camera setup process.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Wyze Cam V4 Pro",
    "vendor": "Wyze",
    "versions": [
      {
        "lessThanOrEqual": "4.52.4.9887",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]
