Wyze Cam v3 TCP Stack-Based Buffer Overflow RCE (CVE-2024-6249)

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Name: (Pwn2Own) Wyze Cam v3 TCP Traffic Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability 2. Vulnerability ID: ZDI-24-840, ZDI-CAN-22419 3. CVE ID: CVE-2024-6249 4. CVSS Score: 8.8, AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 5. Affected Vendor: Wyze 6. Affected Product: Cam v3 7. Vulnerability Details: - Allows an attacker in close network proximity to execute arbitrary code on the affected Wyze Cam v3 IP camera. - No authentication is required to exploit this vulnerability. - The issue resides in the TUTK P2P library. Due to insufficient validation of user-supplied data length, data is copied into a fixed-length stack buffer, leading to a stack-based buffer overflow. Attackers can exploit this to execute code in the root context. 8. Additional Details: - Wyze has released an update to fix this vulnerability. - More details can be found at: https://forums.wyze.com/t/security-advisory/289256 9. Disclosure Timeline: - 2023-11-09 - Vulnerability reported to vendor - 2024-06-21 - Coordinated public disclosure of vulnerability advisory - 2024-08-15 - Advisory update 10. Credits: - STEALIEN Inc. (Dohyun Kim, Sejun Oh, Hyeong Il Moon, Wonuk Bae, Jaehoon Jang, Bongeun Koo, Sungjun Park, Kitae Park, Wonbeen Im) This information provides a detailed description of the vulnerability, including its severity, affected devices and vendors, exploitation method, and remediation details.

Goal Reached Thanks to every supporter — we hit 100%!

Wyze Cam v3 TCP Stack-Based Buffer Overflow RCE (CVE-2024-6249)