Wyze Cam v3 Cloud Infrastructure Improper Authentication Remote Code Execution Vulnerability

Wyze Cam v3 Cloud Infrastructure Improper Authentication Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the run_action_batch endpoint of the cloud infrastructure. The issue results from the use of the device's MAC address as a sole credential for authentication. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-22393.

N/A

认证机制不恰当

Wyze Cam 授权问题漏洞

Wyze Cam（Wyze Labs）是美国Wyze公司的一系列摄像机。 Wyze Cam v3版本存在授权问题漏洞。攻击者利用该漏洞可以执行任意代码。

N/A

N/A