
CVE-2024-6248: CWE-287: Improper Authentication in Wyze Cam v3

Severity: High
Type: Vulnerability
Tags: cve, cve-2024-6248, cwe-287
Published: Fri Nov 22 2024 (11/22/2024, 20:05:42 UTC)
Source: CVE Database V5
Vendor/Project: Wyze
Product: Cam v3

Description

Wyze Cam v3 Cloud Infrastructure Improper Authentication Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the run_action_batch endpoint of the cloud infrastructure. The issue results from the use of the device's MAC address as a sole credential for authentication. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-22393.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 02/26/2026, 03:05:23 UTC

Technical Analysis

CVE-2024-6248 is an improper authentication vulnerability (CWE-287) affecting Wyze Cam v3 IP cameras, specifically version 4.36.11.7071. The vulnerability exists in the cloud infrastructure's run_action_batch endpoint, which improperly uses the device's MAC address as the sole authentication mechanism. Since MAC addresses are easily discoverable or spoofable within a network, an attacker positioned on the same or adjacent network segment can bypass authentication controls. This flaw enables remote code execution (RCE) with root privileges on the affected device, allowing attackers to fully compromise the camera. The vulnerability does not require any user interaction or prior authentication, significantly lowering the barrier to exploitation. The CVSS v3.0 score of 7.5 reflects high confidentiality, integrity, and availability impacts, with attack vector classified as adjacent network and high attack complexity. The issue was identified and assigned by the Zero Day Initiative (ZDI) as ZDI-CAN-22393. No public patches or exploits are currently available, but the vulnerability's nature suggests a critical risk to IoT device security and privacy. The flaw could be chained with other vulnerabilities to escalate impact further.
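
The identifier-versus-credential distinction behind this flaw, shown as an added example that is not Wyze's code and not part of the original advisory. The request fields (`mac`, `actions`, `ts`, `sig`), the action names and the device registry are hypothetical, and the per-device HMAC scheme is one common fix, not the vendor's.

```python
import hashlib
import hmac
import json

# Constructed registry: MAC -> per-device secret provisioned out of band.
DEVICE_KEYS = {"AA:BB:CC:00:11:22": b"constructed-per-device-secret"}
MAX_SKEW = 300  # seconds a signed request stays valid

def authorize_mac_only(request: dict) -> bool:
    """Flawed pattern: the MAC is an identifier, yet it is treated as proof."""
    return request.get("mac") in DEVICE_KEYS

def _canonical(request: dict) -> bytes:
    # Sign every field except the signature itself, in a stable order.
    body = {k: v for k, v in request.items() if k != "sig"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def sign(request: dict, key: bytes) -> str:
    return hmac.new(key, _canonical(request), hashlib.sha256).hexdigest()

def authorize_hmac(request: dict, now: int) -> bool:
    """Hardened pattern: MAC selects the key, the signature proves possession."""
    mac, sig, ts = request.get("mac"), request.get("sig"), request.get("ts")
    key = DEVICE_KEYS.get(mac) if isinstance(mac, str) else None
    if key is None or not isinstance(sig, str) or not isinstance(ts, int):
        return False
    if abs(now - ts) > MAX_SKEW:  # reject stale or replayed requests
        return False
    return hmac.compare_digest(sig.encode(), sign(request, key).encode())

def demo() -> dict:
    now = 1_700_000_000
    # Constructed request from a caller that knows only the MAC address.
    guessed = {"mac": "AA:BB:CC:00:11:22", "actions": ["reboot"], "ts": now}
    # The same request from a device that holds the secret.
    genuine = dict(guessed)
    genuine["sig"] = sign(genuine, DEVICE_KEYS[genuine["mac"]])
    tampered = dict(genuine, actions=["factory_reset"])
    return {
        "mac_only_accepts_guess": authorize_mac_only(guessed),
        "hmac_accepts_guess": authorize_hmac(guessed, now),
        "hmac_accepts_genuine": authorize_hmac(genuine, now),
        "hmac_accepts_tampered": authorize_hmac(tampered, now),
        "hmac_accepts_stale": authorize_hmac(genuine, now + MAX_SKEW + 1),
    }
```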

Potential Impact

The vulnerability allows attackers to execute arbitrary code remotely with root privileges on Wyze Cam v3 devices, leading to full device compromise. This can result in unauthorized surveillance, data exfiltration, manipulation or deletion of recorded footage, and potential pivoting into broader network environments. The compromise of these cameras undermines user privacy and can facilitate espionage or harassment. For organizations, especially those deploying Wyze Cam v3 devices in sensitive environments, this vulnerability threatens operational security and could lead to regulatory compliance violations. The lack of authentication requirement and ease of exploitation increase the likelihood of attacks, potentially affecting millions of devices globally. Disruption of camera availability or integrity could impair security monitoring and incident response capabilities. The vulnerability also raises concerns about the security posture of IoT devices relying on weak or improper authentication mechanisms.

Mitigation Recommendations

Organizations and users should immediately verify their Wyze Cam v3 firmware version and avoid using affected versions (4.36.11.7071). Since no official patch is currently available, users should restrict network access to these devices by isolating them on segmented VLANs or dedicated IoT networks to limit attacker proximity. Employ network-level controls such as firewall rules to block unauthorized access to the cloud infrastructure endpoints, especially the run_action_batch endpoint. Monitor network traffic for suspicious activity related to MAC address spoofing or unusual commands sent to cameras. Disable remote access features if not required and use strong, multi-factor authentication where possible for cloud accounts managing these devices. Regularly check for vendor updates or security advisories and apply patches promptly once released. Consider replacing affected devices with models that implement robust authentication mechanisms. Conduct security awareness training for users to recognize potential IoT device compromise indicators.


Technical Details

Data Version: 5.1
Assigner Short Name: zdi
Date Reserved: 2024-06-21T14:52:30.170Z
CVSS Version: 3.0
State: PUBLISHED

Threat ID: 699f6bfeb7ef31ef0b55d67c

Added to database: 2/25/2026, 9:39:10 PM

Last enriched: 2/26/2026, 3:05:23 AM

Last updated: 4/12/2026, 2:03:50 PM
