CVE-2024-37066
6.8
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A command injection vulnerability exists in Wyze V4 Pro firmware versions before 4.50.4.9222, which allows attackers to execute arbitrary commands over Bluetooth as root during the camera setup process.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Wyze | Wyze Cam V4 Pro | 0 <= 4.52.4.9887 | affected |
Weaknesses
- CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
- https://hiddenlayer.com/sai-security-advisory/2024-7-wyze/
- https://forums.wyze.com/t/security-advisory/289256
References
- https://hiddenlayer.com/sai-security-advisory/2024-7-wyze/
- https://forums.wyze.com/t/security-advisory/289256
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.