CVE-2019-9564

Authentication bypass in Wyze Cam Pan v2, Cam v2 and Cam v3

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability in the authentication logic of Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to bypass login and control the devices. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze Cam v3 versions prior to 4.36.8.32.

Una vulnerabilidad en la lógica de autenticación de Wyze Cam Pan v2, Cam v2, Cam v3 permite a un atacante eludir el inicio de sesión y controlar los dispositivos. Este problema afecta: Las versiones de Wyze Cam Pan v2 anteriores a la 4.49.1.47. Las versiones de Wyze Cam v2 anteriores a la 4.9.8.1002. Las versiones de Wyze Cam v3 anteriores a la 4.36.8.32

*Credits: Bitdefender Labs

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-03-04 CVE Reserved
2022-03-30 CVE Published
2024-09-16 CVE Updated
2024-12-27 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-287: Improper Authentication

CAPEC

References (1)

URL	Tag	Source
https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-wyze-cam-iot-device	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Wyze Search vendor "Wyze"	Cam Pan V2 Firmware Search vendor "Wyze" for product "Cam Pan V2 Firmware"	< 4.49.1.47 Search vendor "Wyze" for product "Cam Pan V2 Firmware" and version " < 4.49.1.47"	-	Affected	in	Wyze Search vendor "Wyze"	Cam Pan V2 Search vendor "Wyze" for product "Cam Pan V2"	-	-	Safe
Wyze Search vendor "Wyze"	Cam V2 Firmware Search vendor "Wyze" for product "Cam V2 Firmware"	< 4.9.8.1002 Search vendor "Wyze" for product "Cam V2 Firmware" and version " < 4.9.8.1002"	-	Affected	in	Wyze Search vendor "Wyze"	Cam V2 Search vendor "Wyze" for product "Cam V2"	-	-	Safe
Wyze Search vendor "Wyze"	Cam V3 Firmware Search vendor "Wyze" for product "Cam V3 Firmware"	< 4.36.8.32 Search vendor "Wyze" for product "Cam V3 Firmware" and version " < 4.36.8.32"	-	Affected	in	Wyze Search vendor "Wyze"	Cam V3 Search vendor "Wyze" for product "Cam V3"	-	-	Safe