RCE exploit for Wyze Cam v3 publicly released, patch now

A security researcher has published a proof-of-concept exploit for Wyze Cam v3 devices that opens a reverse shell and allows the takeover of vulnerable devices. Wyze Cam v3 is a top-selling, inexpensive indoor/outdoor security camera with support for color night vision, SD card storage, cloud connectivity for smartphone control, IP65 weatherproofing, and more. Security researcher Peter Geissler recently discovered two flaws in the latest Wyze Cam v3 firmware that can be chained together for remote code execution on vulnerable devices. The iCamera code that parses that object can be exploited due to bad handling of a specific array, leading to a stack buffer overflow where data is written into unintended parts of the memory. The exploit released by Geissler on GitHub chains these two flaws to give attackers an interactive Linux root shell, turning vulnerable Wyze v3 cameras into persistent backdoors and allowing attackers to pivot to other devices in the network. The exploit was tested and confirmed to work on firmware versions 4.36.10.4054, 4.36.11.4679, and 4.36.11.5859. Wyze released firmware update version 4.36.11.7071, which addresses the identified issues, on October 22, 2023, so users are recommended to apply the security update as soon as possible. In a private discussion, Geissler explained to BleepingComputer that he made his exploit available to the public before most Wyze users could apply the patch to express his disapproval of Wyze's patching strategies. Specifically, Wyze's patch came right after the competition registration deadline for the recent Pwn2Own Toronto event. Releasing the fixes right after the registration had caused several teams that had a working exploit in their hands up until that moment to abandon the effort. Wyze told the researcher that the timing was a coincidence and that they were merely trying to safeguard their customers against a threat they had learned about a few days before. "I want to clarify a few things; we didn't know about this issue for years, this is an issue in the third-party library we use and we got a report about it just a few days before pwn2own and once we got the report in our bugbounty program we patched the issue in 3 days and released to public," reads an email sent from Wyze. While Geissler admits that it is common for vendors to patch a bug that breaks exploit chains before the competition, he accuses Wyze of singling out that specific device to avoid negative PR from the competition, as the bug was allegedly not fixed in other devices. BleepingComputer reached out to Wyze for a comment about Geissler's accusations but has not received a response at this time. Wyze told another security researcher that they were only notified of the Wyze Cam v3 bug a few days before the competition and are now investigating whether it is in other devices' firmware. If unable to apply the firmware update, users should isolate their Wyze cameras from networks that serve critical devices. Fake WinRAR proof-of-concept exploit drops VenomRAT malware. Citrix Bleed exploit lets hackers hijack NetScaler accounts. Exploits released for Linux flaw giving root on major distros. Exploit available for critical WS FTP bug exploited in attacks.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000


Cyber News related to RCE exploit for Wyze Cam v3 publicly released, patch now

RCE exploit for Wyze Cam v3 publicly released, patch now - A security researcher has published a proof-of-concept exploit for Wyze Cam v3 devices that opens a reverse shell and allows the takeover of vulnerable devices. Wyze Cam v3 is a top-selling, inexpensive indoor/outdoor security camera with support for ...
11 months ago Bleepingcomputer.com
CVE-2018-0688 - Open redirect vulnerability in SEIKO EPSON printers and scanners (DS-570W firmware versions released prior to 2018 March 13, DS-780N firmware versions released prior to 2018 March 13, EP-10VA firmware versions released prior to 2017 September 4, ...
5 years ago
CVE-2018-0689 - HTTP header injection vulnerability in SEIKO EPSON printers and scanners (DS-570W firmware versions released prior to 2018 March 13, DS-780N firmware versions released prior to 2018 March 13, EP-10VA firmware versions released prior to 2017 September ...
5 years ago
Wyze Cameras Allow Accidental User Spying - This isn't the first time that Wyze, a Seattle-based company offering smart home products such as cameras and doorbells, has experienced a cybersecurity issue like this. In September 2023, Wyze camera users reported that they were seeing camera feeds ...
8 months ago Darkreading.com
CVE-2019-12266 - Stack-based Buffer Overflow vulnerability in Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to run arbitrary code on the affected device. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. ...
2 years ago
CVE-2019-9564 - A vulnerability in the authentication logic of Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to bypass login and control the devices. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze ...
1 year ago
Exploit for CrushFTP RCE chain released, patch now - A proof-of-concept exploit was publicly released for a critical remote code execution vulnerability in the CrushFTP enterprise suite, allowing unauthenticated attackers to access files on the server, execute code, and obtain plain-text passwords. The ...
11 months ago Bleepingcomputer.com
Wyze camera glitch gave 13,000 users a peek into other homes - Wyze shared more details on a security incident that impacted thousands of users on Friday and said that at least 13,000 customers could get a peek into other users' homes. The company blames a third-party caching client library recently added to its ...
8 months ago Bleepingcomputer.com
Wyze investigating 'security issue' amid ongoing outage - Wyze Labs is investigating a security issue while experiencing a service outage that has been causing connectivity issues since this morning. In an incident report posted at 6:31 AM PT, the company blamed today's camera and login issues on an AWS ...
8 months ago Bleepingcomputer.com
CVE-2018-7939 - Huawei smart phones G9 Lite, Honor 5A, Honor 6X, Honor 8 with the versions before VNS-L53C605B120CUSTC605D103, the versions before CAM-L03C605B143CUSTC605D008, the versions before CAM-L21C10B145, the versions before CAM-L21C185B156, the versions ...
5 years ago
Exploit for critical Progress Telerik auth bypass released, patch now - Researchers have published a proof-of-concept exploit script demonstrating a chained remote code execution vulnerability on Progress Telerik Report Servers. The Telerik Report Server is an API-powered end-to-end encrypted report management solution ...
4 months ago Bleepingcomputer.com
Exploit released for maximum severity Fortinet RCE bug, patch now - Security researchers have released a proof-of-concept exploit for a maximum-severity vulnerability in Fortinet's security information and event management solution, which was patched in February. Tracked as CVE-2024-23108, this security flaw is a ...
5 months ago Bleepingcomputer.com
Experts released PoC exploit code for RCE in Fortinet SIEM - Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw. Crowdfense is offering a larger 30M USD exploit acquisition program. Threat actors actively exploit JetBrains TeamCity flaws to deliver malware. PoC ...
5 months ago Securityaffairs.com
How Patch Management Software Solves the Update Problem - I've never met an IT leader who doesn't know how important patch management is. At Heimdal, we believe patch management software provides the solution to this problem. Patch management software is a technology that allows businesses to automate the ...
4 months ago Heimdalsecurity.com
Counter-Strike 2 HTML injection bug exposes players' IP addresses - Valve has reportedly fixed an HTML injection flaw in Counter-Strike 2 that was heavily abused today to inject images into games and obtain other players' IP addresses. While initially thought to be a more severe Cross Site Scripting flaw, which ...
10 months ago Bleepingcomputer.com
Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws - Today is Microsoft's May 2024 Patch Tuesday, which includes security updates for 61 flaws and three actively exploited or publicly disclosed zero days. The total count of 61 flaws does not include 2 Microsoft Edge flaws fixed on May 2nd and four ...
5 months ago Bleepingcomputer.com
Exploit for critical Fortra FileCatalyst Workflow SQLi flaw released - The Fortra FileCatalyst Workflow is vulnerable to an SQL injection vulnerability that could allow remote unauthenticated attackers to create rogue admin users and manipulate data on the application database. FileCatalyst Workflow is a web-based file ...
4 months ago Bleepingcomputer.com
Microsoft March 2024 Patch Tuesday fixes 60 flaws, 18 RCE bugs - Today is Microsoft's March 2024 Patch Tuesday, and security updates have been released for 60 vulnerabilities, including eighteen remote code execution flaws. This Patch Tuesday fixes only two critical vulnerabilities: Hyper-V remote code execution ...
7 months ago Bleepingcomputer.com
Key software patch testing best practices - To ensure a predictable rollout when a patch is deployed across your network, it is important to test it first in a nonproduction environment. Companies install software and firmware patches to fix bugs, remove vulnerabilities and add new features, ...
6 months ago Techtarget.com
How to conduct security patch validation and verification - Validation and verification are important steps in the security patch management lifecycle. They help to determine the impact of a patch on the security and efficiency of an organization's IT assets. Patch validation is the process of examining newly ...
6 months ago Techtarget.com
Getting a Remote Desktop Freeze? Microsoft Fixes Windows 11 Issue - Microsoft has released a patch to fix the Remote Desktop freeze bug in Windows 11. This bug caused computers to freeze after some users tried to connect using the Remote Desktop protocol. Microsoft's technical support team has been working on the ...
1 year ago Bleepingcomputer.com
Microsoft December 2023 Patch Tuesday fixes 34 flaws, 1 zero-day - Today is Microsoft's December 2023 Patch Tuesday, which includes security updates for a total of 34 flaws and one previously disclosed, unpatched vulnerability in AMD CPUs. While eight remote code execution bugs were fixed, Microsoft only rated three ...
10 months ago Bleepingcomputer.com
Privilege elevation exploits used in over 50% of insider attacks - Elevation of privilege flaws are the most common vulnerability leveraged by corporate insiders when conducting unauthorized activities on networks, whether for malicious purposes or by downloading risky tools in a dangerous manner. A report by ...
10 months ago Bleepingcomputer.com
Vulnerability Summary for the Week of March 4, 2024 - Published 2024-03-06 CVSS Score not yet calculated Source & Patch Info CVE-2023-52584416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - ...
7 months ago Cisa.gov
Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - Product linux - linux Description In the ...
7 months ago Cisa.gov

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)