Wyze Cam v3 Urgent Update: Critical Vulnerability Grants Hackers Full Control
Wyze, a popular smart home security company, has issued an urgent firmware update for its Wyze Cam v3 after the discovery of multiple critical vulnerabilities that could allow attackers to take complete control of affected devices.
The vulnerabilities, revealed at the renowned Pwn2Own 2023 hacking competition, range in severity and impact. They include:
- CVE-2024-6246 (CVSS 9.6): Realtek Wi-Fi Driver Heap-Based Buffer Overflow
One of the most critical vulnerabilities (CVE-2024-6246) is a heap-based buffer overflow in the Realtek Wi-Fi driver of Wyze Cam v3. This flaw arises from improper validation of user-supplied data lengths before copying them to a heap-based buffer. Network-adjacent attackers can exploit this vulnerability to execute arbitrary code within the kernel’s context, potentially gaining full control over the device.
- CVE-2024-6247 (CVSS 6.8): Wi-Fi SSID OS Command Injection
The CVE-2024-6247 vulnerability enables physically present attackers to execute arbitrary code by exploiting the handling of SSIDs embedded in scanned QR codes. Due to insufficient validation of user-supplied strings before using them to execute system calls, this flaw allows for code execution with root privileges, posing a significant risk if an attacker has physical access to the camera.
- CVE-2024-6248 (CVSS 7.5): Cloud Infrastructure Improper Authentication
Another serious vulnerability (CVE-2024-6248) is found within the cloud infrastructure of Wyze Cam v3, specifically in the run_action_batch endpoint. This flaw results from using the device’s MAC address as the sole authentication credential. Network-adjacent attackers can exploit this vulnerability, especially when combined with other vulnerabilities, to execute arbitrary code with root privileges, compromising the device’s integrity.
- CVE-2024-6249 (CVSS 8.8): TCP Traffic Handling Stack-Based Buffer Overflow
The final critical vulnerability (CVE-2024-6249) involves a stack-based buffer overflow in the TUTK P2P library. Similar to the Realtek Wi-Fi driver flaw, this vulnerability results from improper validation of user-supplied data lengths before copying them to a fixed-length stack-based buffer. Network-adjacent attackers can leverage this flaw to execute arbitrary code within the root context, making it a severe threat to the device’s security.
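For the SSID command-injection class described under CVE-2024-6247, the following added example (not Wyze's code, and not taken from the advisory) shows one defensive pattern in C: allow-list the SSID, then hand it to a helper as a single `execv()` argument so no shell ever parses it. The helper path, the function names and the allow-list policy are assumptions made for illustration; the sample SSIDs are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SSID_MAX_LEN 32 /* IEEE 802.11 limits an SSID to 32 octets */

/* Assumed policy for this example: printable ASCII only, no shell
 * metacharacters, no leading '-' (which a helper could read as an option).
 * Returns 1 if the SSID is acceptable, 0 otherwise. */
int ssid_is_safe(const unsigned char *ssid, size_t len)
{
    static const char banned[] = "`$;|&<>\\\"'(){}*?!#~";
    if (ssid == NULL || len == 0 || len > SSID_MAX_LEN)
        return 0;
    if (ssid[0] == '-')
        return 0;
    for (size_t i = 0; i < len; i++) {
        if (ssid[i] < 0x20 || ssid[i] > 0x7e)  /* control or non-ASCII byte */
            return 0;
        if (strchr(banned, ssid[i]) != NULL)    /* shell metacharacter */
            return 0;
    }
    return 1;
}

/* Build an argv[] for a hypothetical helper binary. The SSID becomes one
 * argv element for execv(); it is never formatted into a command string
 * for system() or popen(). Returns 0 on success, -1 if the SSID is rejected. */
int build_connect_argv(const unsigned char *ssid, size_t len,
                       char ssid_buf[SSID_MAX_LEN + 1], const char *argv[4])
{
    if (!ssid_is_safe(ssid, len))
        return -1;
    memcpy(ssid_buf, ssid, len);  /* len <= SSID_MAX_LEN was checked above */
    ssid_buf[len] = '\0';
    argv[0] = "/usr/bin/wifi-connect-helper";  /* hypothetical path */
    argv[1] = "--ssid";
    argv[2] = ssid_buf;
    argv[3] = NULL;
    return 0;
}

int main(void)
{
    const char *samples[] = { "HomeNet-5G", "net;echo", "a$(id)" }; /* constructed */
    char buf[SSID_MAX_LEN + 1];
    const char *argv[4];
    for (size_t i = 0; i < 3; i++)
        printf("%-10s -> %d\n", samples[i], build_connect_argv(
            (const unsigned char *)samples[i], strlen(samples[i]), buf, argv));
    return 0;
}
```

The argv separation is the primary control; the allow-list is defense in depth for anything downstream that might later pass the stored SSID through a shell.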
The most alarming aspect of these vulnerabilities is that, in some cases, they could be exploited without user credentials or physical access to the device. This means that attackers could potentially hijack cameras remotely, accessing live feeds and recordings and even manipulating the camera’s functions.
Wyze has recognized the severity of these vulnerabilities and issued an urgent update to address them. Users are strongly encouraged to apply the latest firmware update to their Wyze Cam v3 devices immediately to mitigate these risks. Detailed information about the update and the vulnerabilities can be found in the Security Advisory on the Wyze forums.