CVE-2024-6248: CWE-287: Improper Authentication in Wyze Cam v3
CVE-2024-6248 is a high-severity improper authentication vulnerability affecting Wyze Cam v3 IP cameras, specifically version 4.36.11.7071. The flaw resides in the cloud infrastructure's run_action_batch endpoint, which uses the device's MAC address as the sole authentication credential. This design allows network-adjacent attackers to bypass authentication and execute arbitrary code remotely with root privileges. Exploitation does not require user interaction or prior authentication, increasing the risk. Although no known exploits are currently reported in the wild, the vulnerability poses a significant risk to device confidentiality, integrity, and availability. Organizations using Wyze Cam v3 devices should prioritize mitigation to prevent potential compromise. The vulnerability has a CVSS score of 7.5.
AI Analysis
Technical Summary
CVE-2024-6248 is an improper authentication vulnerability (CWE-287) affecting Wyze Cam v3 IP cameras, specifically version 4.36.11.7071. The vulnerability exists in the cloud infrastructure's run_action_batch endpoint, which improperly uses the device's MAC address as the sole authentication mechanism. Since MAC addresses are easily discoverable or spoofable within a network, an attacker positioned on the same or adjacent network segment can bypass authentication controls. This flaw enables remote code execution (RCE) with root privileges on the affected device, allowing attackers to fully compromise the camera. The vulnerability does not require any user interaction or prior authentication, significantly lowering the barrier to exploitation. The CVSS v3.0 score of 7.5 reflects high confidentiality, integrity, and availability impacts, with attack vector classified as adjacent network and high attack complexity. The issue was identified and assigned by the Zero Day Initiative (ZDI) as ZDI-CAN-22393. No public patches or exploits are currently available, but the vulnerability's nature suggests a critical risk to IoT device security and privacy. The flaw could be chained with other vulnerabilities to escalate impact further.
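The design flaw summarized above, an identifier used as the only credential, is shown here next to a hardened check. This is an added example, not Wyze's code or the advisory's: the function names, the request fields and the per-device secret are assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Constructed sample data: a locally administered MAC and a demo key.
# Assumption: each device holds a secret provisioned at manufacture.
DEVICE_KEYS = {"02:00:00:00:00:01": hashlib.sha256(b"constructed-demo-key").digest()}
MAX_SKEW = 300          # seconds a signed request stays valid
_seen_nonces = set()    # (mac, nonce) pairs already accepted


def authorize_mac_only(mac: str) -> bool:
    """Weak pattern: the device identifier doubles as the credential."""
    return mac in DEVICE_KEYS


def _canonical(*fields: bytes) -> bytes:
    """Length-prefix every field so field boundaries cannot be shifted."""
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)


def sign_request(key: bytes, mac: str, ts: int, nonce: str, body: bytes) -> str:
    """Device side: HMAC-SHA256 over identifier, timestamp, nonce and body."""
    msg = _canonical(mac.encode(), str(ts).encode(), nonce.encode(), body)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def authorize_signed(mac, ts, nonce, body, signature, now=None) -> bool:
    """Hardened check: the MAC only selects the key; the HMAC is the proof."""
    now = int(time.time()) if now is None else now
    key = DEVICE_KEYS.get(mac)
    if key is None or abs(now - ts) > MAX_SKEW or (mac, nonce) in _seen_nonces:
        return False
    expected = sign_request(key, mac, ts, nonce, body)
    if not hmac.compare_digest(expected, signature):
        return False
    _seen_nonces.add((mac, nonce))  # a captured request cannot be replayed
    return True
```

A long-running service would expire stored nonces once they are older than MAX_SKEW rather than keep them in an unbounded set.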
Potential Impact
The vulnerability allows attackers to execute arbitrary code remotely with root privileges on Wyze Cam v3 devices, leading to full device compromise. This can result in unauthorized surveillance, data exfiltration, manipulation or deletion of recorded footage, and potential pivoting into broader network environments. The compromise of these cameras undermines user privacy and can facilitate espionage or harassment. For organizations, especially those deploying Wyze Cam v3 devices in sensitive environments, this vulnerability threatens operational security and could lead to regulatory compliance violations. The lack of authentication requirement and ease of exploitation increase the likelihood of attacks, potentially affecting millions of devices globally. Disruption of camera availability or integrity could impair security monitoring and incident response capabilities. The vulnerability also raises concerns about the security posture of IoT devices relying on weak or improper authentication mechanisms.
Mitigation Recommendations
Organizations and users should immediately verify their Wyze Cam v3 firmware version and avoid using affected versions (4.36.11.7071). Since no official patch is currently available, users should restrict network access to these devices by isolating them on segmented VLANs or dedicated IoT networks to limit attacker proximity. Employ network-level controls such as firewall rules to block unauthorized access to the cloud infrastructure endpoints, especially the run_action_batch endpoint. Monitor network traffic for suspicious activity related to MAC address spoofing or unusual commands sent to cameras. Disable remote access features if not required and use strong, multi-factor authentication where possible for cloud accounts managing these devices. Regularly check for vendor updates or security advisories and apply patches promptly once released. Consider replacing affected devices with models that implement robust authentication mechanisms. Conduct security awareness training for users to recognize potential IoT device compromise indicators.
Affected Countries
United States, Canada, United Kingdom, Germany, France, Australia, Japan, South Korea, China
Technical Details
- Data Version: 5.1
- Assigner Short Name: zdi
- Date Reserved: 2024-06-21T14:52:30.170Z
- CVSS Version: 3.0
- State: PUBLISHED
Threat ID: 699f6bfeb7ef31ef0b55d67c
Added to database: 2/25/2026, 9:39:10 PM
Last enriched: 2/26/2026, 3:05:23 AM
Last updated: 2/26/2026, 8:43:08 AM