- Description: Wyze Cam v3 TCP Traffic Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TUTK P2P library. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22419.
- Source: zdi-disclosures@trendmicro.com
- NVD status: Received
CVSS 3.0
- Type: Secondary
- Base score: 8.8
- Impact score: 5.9
- Exploitability score: 2.8
- Vector string: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
- zdi-disclosures@trendmicro.com
- CWE-121
[CVE-2024-6249: HIGH] Critical vulnerability in Wyze Cam v3 allows remote code execution without authentication. Exploit affects TCP traffic handling stack, risking user data on IP cameras. Patch recommended! #cybersecurity, #vulnerability https://t.co/tvHmc6XYr7 https://t.co/JKa7N
@CveFindCom
22 Nov 2024
CVE-2024-6249 Wyze Cam v3 TCP Traffic Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitr… https://t.co/P0u5AFOFtM
@CVEnew
22 Nov 2024