CVE-2019-12266
Stack buffer overflow in Wyze Cam Pan v2, Cam v2 and Cam v3
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Stack-based Buffer Overflow vulnerability in Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to run arbitrary code on the affected device. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze Cam v3 versions prior to 4.36.8.32.
Una vulnerabilidad de desbordamiento del búfer en la región stack de la memoria en Wyze Cam Pan versión v2, Cam versión v2, Cam versión v3, permite a un atacante ejecutar código arbitrario en el dispositivo afectado. Este problema afecta a: Wyze Cam Pan versiones v2 anteriores a 4.49.1.47. Wyze Cam versiones v2 anteriores a 4.9.8.1002. Wyze Cam v3 versiones v3 anteriores a 4.36.8.32
*Credits:
Bitdefender Labs
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-05-21 CVE Reserved
- 2022-03-30 CVE Published
- 2024-09-17 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-121: Stack-based Buffer Overflow
- CWE-787: Out-of-bounds Write
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-wyze-cam-iot-device | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Wyze Search vendor "Wyze" | Cam Pan V2 Firmware Search vendor "Wyze" for product "Cam Pan V2 Firmware" | < 4.49.1.47 Search vendor "Wyze" for product "Cam Pan V2 Firmware" and version " < 4.49.1.47" | - |
Affected
| in | Wyze Search vendor "Wyze" | Cam Pan V2 Search vendor "Wyze" for product "Cam Pan V2" | - | - |
Safe
|
| Wyze Search vendor "Wyze" | Cam V2 Firmware Search vendor "Wyze" for product "Cam V2 Firmware" | < 4.9.8.1002 Search vendor "Wyze" for product "Cam V2 Firmware" and version " < 4.9.8.1002" | - |
Affected
| in | Wyze Search vendor "Wyze" | Cam V2 Search vendor "Wyze" for product "Cam V2" | - | - |
Safe
|
| Wyze Search vendor "Wyze" | Cam V3 Firmware Search vendor "Wyze" for product "Cam V3 Firmware" | < 4.36.8.32 Search vendor "Wyze" for product "Cam V3 Firmware" and version " < 4.36.8.32" | - |
Affected
| in | Wyze Search vendor "Wyze" | Cam V3 Search vendor "Wyze" for product "Cam V3" | - | - |
Safe
|