CVE-2024-13892 is a high-severity OS command injection vulnerability affecting Smartwares IP cameras, specifically the CIP-37210AT and C724IP models, as well as other devices sharing the same firmware up to version 3.3.0. The vulnerability arises during the device initialization process, where a user must input Wi-Fi Access Point credentials via a mobile application. The input handling mechanism fails to properly sanitize these credentials, allowing an attacker to inject arbitrary OS commands. This improper neutralization of special elements (CWE-78) can lead to unauthorized command execution on the device's underlying operating system. The vulnerability does not require authentication or user interaction beyond providing the Wi-Fi credentials, making it exploitable remotely by anyone within wireless range during setup. The vendor has not responded to vulnerability reports, and no patches are currently available, leaving the firmware versions up to 3.3.0—and potentially newer versions—vulnerable. The CVSS 4.0 base score of 7.7 reflects the high impact on confidentiality, integrity, and availability, with low attack complexity and no privileges required. Although no known exploits are reported in the wild yet, the ease of exploitation and critical nature of the flaw pose a significant risk to affected devices.

For European organizations using Smartwares CIP-37210AT, C724IP, or similar models, this vulnerability could lead to full compromise of the affected cameras. Attackers could execute arbitrary commands, potentially gaining persistent control over the device, intercepting or manipulating video feeds, or using the compromised cameras as footholds for lateral movement within corporate or residential networks. This threatens confidentiality of surveillance data, integrity of device operation, and availability of security monitoring. In sectors such as critical infrastructure, government facilities, healthcare, and corporate environments where these cameras are deployed, exploitation could undermine physical security and privacy compliance obligations under GDPR. Additionally, the lack of vendor response and patch availability increases the window of exposure, making mitigation challenging. The vulnerability's exploitation could also facilitate broader attacks such as launching DDoS attacks or pivoting to other network assets, amplifying the impact on European organizations.

Organizations should immediately audit their inventory for affected Smartwares camera models and firmware versions. Until patches are available, mitigate risk by isolating vulnerable devices on segmented networks with strict access controls, preventing unauthorized access to the device initialization process. Disable or restrict wireless setup features if possible, or perform device provisioning in secure, controlled environments. Monitor network traffic for unusual command execution patterns or unexpected outbound connections from cameras. Employ network-level intrusion detection/prevention systems tuned to detect command injection attempts targeting these devices. Engage with Smartwares support channels to demand patch releases and subscribe to vulnerability advisories for updates. Consider replacing vulnerable devices with alternatives from vendors with active security maintenance if mitigation is not feasible. Finally, implement strong Wi-Fi security and restrict physical access to prevent local exploitation during device setup.