CVE-2024-6247 is a vulnerability identified in the Wyze Cam v3 IP camera firmware version 4.36.11.7071. The flaw is an OS command injection (CWE-78) that occurs due to improper neutralization of special elements in Wi-Fi SSID strings embedded within scanned QR codes. When the camera processes these SSIDs, it fails to properly validate or sanitize the input before passing it to system calls, enabling an attacker physically near the device to inject arbitrary commands. This vulnerability does not require authentication or user interaction, making it easier to exploit if physical access is possible. Successful exploitation results in remote code execution with root privileges, allowing full control over the device, including potential access to video streams, device configuration, and network information. The vulnerability was cataloged by the Zero Day Initiative as ZDI-CAN-22337 and published in November 2024. The CVSS v3.0 base score is 6.8, indicating a medium severity level, with high impact on confidentiality, integrity, and availability but requiring physical proximity (attack vector: physical). No public exploits have been reported yet, but the risk remains significant due to the root-level access granted upon exploitation. The vulnerability highlights a critical failure in input validation during QR code-based Wi-Fi setup, a common feature in IoT devices for ease of use.

The impact of CVE-2024-6247 is substantial for organizations and individuals using Wyze Cam v3 devices. An attacker with physical access can gain root-level control over the camera, compromising the confidentiality of video feeds and stored data, potentially leading to privacy violations. Integrity of the device firmware and configuration can be altered, enabling persistent backdoors or disabling security features. Availability may also be affected if the attacker disrupts device functionality or uses it as a pivot point for further network attacks. For enterprises deploying these cameras in sensitive environments, such as offices or critical infrastructure, the risk extends to broader network compromise. The lack of authentication and user interaction requirements lowers the barrier for exploitation, though physical proximity limits remote attacks. The vulnerability could be leveraged for espionage, sabotage, or unauthorized surveillance, especially in environments where physical security is less stringent. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, as proof-of-concept exploits may emerge.

To mitigate CVE-2024-6247, organizations should implement the following specific measures: 1) Immediately restrict physical access to Wyze Cam v3 devices, especially in public or semi-public areas, to prevent attackers from scanning malicious QR codes. 2) Disable or avoid using QR code-based Wi-Fi setup features until a vendor patch is available. 3) Monitor Wyze’s official channels for firmware updates addressing this vulnerability and apply patches promptly once released. 4) Employ network segmentation to isolate IoT devices like Wyze cameras from critical network assets, limiting lateral movement if compromise occurs. 5) Conduct regular audits of device configurations and logs to detect anomalous behavior indicative of exploitation attempts. 6) Consider replacing vulnerable devices in high-security environments with alternatives that have stronger input validation and security controls. 7) Educate users and administrators about the risks of physical access attacks and the importance of securing IoT devices physically and logically. These steps go beyond generic advice by focusing on the unique attack vector (QR code SSID injection) and the physical access requirement.