Flaws in Wyze cam devices allow their complete takeover

Wyze Cam devices are affected by three security vulnerabilities that can allow attackers to takeover them and access camera feeds.

Bitdefender researchers discovered three security vulnerabilities in the popular Wyze Cam devices that can be exploited by threat actors to execute arbitrary code and access camera feeds.

The three flaws reported by the cybersecurity firm are:

An authentication bypass tracked CVE-2019-9564
A stack-based buffer overflow, tracked as CVE-2019-12266, which could lead to remote control execution.
An unauthenticated access to contents of the SD card

A remote attacker could exploit the CVE-2019-9564 flaw to take over the device, including turning on/off the camera.

An attacker could chain the above issue with the CVE-2019-12266 flaw to access live audio and video feeds.

The flaws were reported to Wyze in May 2019, the company addressed the CVE-2019-9564 and CVE-2019-12266 flaws in September 2019 and November 2020, respectively.

The vendor addressed the unauthenticated access to the content of the SD card with the release of firmware updates on January 29, 2022.

According to the experts, there are 3 version of Wyze Cam devices on the market and the first one has been discontinued and will not receive security updates to address the flaws.

“The analyzed device comes in several versions: Wyze Cam version 1, Wyze Cam Black version 2, as well as Wyze Cam version 3. We learned that, while versions 2 and 3 have been patched against these vulnerabilities, version 1 has been discontinued and is no longer receiving security fixes.” reads the report published by the security firm. “Customers who keep using Wyze Cam version 1 are no longer protected and risk having their devices exploited.“

Source Punto Informatico website

Bitdefenders also provided the following recommendations to prevent attacks against IoT devices:

“Home users should keep a close eye on IoT devices and isolate them as much as possible from the local or guest network,” reads the post. “This can be done by setting up a dedicated SSID exclusively for IoT devices, or by moving them to the guest network if the router does not support the creation of additional SSIDs.”

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Wyze cam devices)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.