This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology BC500 IP cameras. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.8.
Daily Archives: June 21, 2024
ZDI-24-837: (Pwn2Own) Wyze Cam v3 Realtek Wi-Fi Driver Heap-Based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.6. The following CVEs are assigned: CVE-2024-6246.
ZDI-24-838: (Pwn2Own) Wyze Cam v3 Wi-Fi SSID OS Command Injection Remote Code Execution Vulnerability
This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.8. The following CVEs are assigned: CVE-2024-6247.
ZDI-24-839: (Pwn2Own) Wyze Cam v3 Cloud Infrastructure Improper Authentication Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2024-6248.
ZDI-24-840: (Pwn2Own) Wyze Cam v3 TCP Traffic Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-6249.