CVE-2026-1670

Summary

The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address.

Affected Software

VendorProductVersion RangeStatus
HoneywellI-HIB2PI-UL 2MP IP6.1.22.1216affected
HoneywellSMB NDAA MVO-3WDR_2MP_32M_PTZ_v2.0affected
HoneywellPTZ WDR 2MP 32MWDR_2MP_32M_PTZ_v2.0affected
Honeywell25M IPCWDR_2MP_32M_PTZ_v2.0affected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References