CVE-2024-6249: CWE-121: Stack-based Buffer Overflow in Wyze Cam v3
Wyze Cam v3 TCP Traffic Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TUTK P2P library. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22419.
AI Analysis
Technical Summary
CVE-2024-6249 is a stack-based buffer overflow vulnerability classified under CWE-121, found in the TCP traffic handling component of the TUTK P2P library used by Wyze Cam v3 IP cameras. The vulnerability stems from inadequate validation of the length of user-supplied data before it is copied into a fixed-size stack buffer. This flaw allows a network-adjacent attacker to send specially crafted TCP packets that overflow the buffer, enabling arbitrary code execution with root privileges on the affected device. Exploitation does not require authentication or user interaction, which significantly lowers the barrier to attack. The vulnerability affects firmware version 4.36.11.7071 of Wyze Cam v3. The Common Vulnerability Scoring System (CVSS) version 3.0 rates this vulnerability at 8.8 (high severity), reflecting its potential to compromise confidentiality, integrity, and availability. While no public exploits have been reported yet, the CVE was assigned by the Zero Day Initiative (ZDI), which tracked the report as ZDI-CAN-22419, indicating credible discovery and validation. The root cause is a classic buffer overflow due to unsafe memory operations in the P2P communication stack, a critical component for remote device connectivity. Successful exploitation could allow attackers to fully control the camera, potentially using it as a foothold for further network intrusion or surveillance.
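The bug class described above, a peer-declared length copied into a fixed-size stack buffer without validation, is shown here next to its hardened form. This is an added example, not TUTK or Wyze code: the 2-byte big-endian length header, the 64-byte buffer, the frames in main() and every name are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PAYLOAD_MAX 64  /* hypothetical size of the fixed stack buffer */
#define HDR_LEN 2       /* hypothetical header: 16-bit big-endian payload length */
enum frame_status { FRAME_OK = 0, FRAME_TRUNCATED = -1, FRAME_TOO_LARGE = -2 };

static uint32_t process(const uint8_t *p, size_t n) { /* stand-in for real handling */
    uint32_t sum = 0;
    for (size_t i = 0; i < n; i++) sum += p[i];
    return sum;
}

/* CWE-121 pattern: the length field chosen by the peer drives memcpy() directly.
 * Any declared length above PAYLOAD_MAX writes past buf into the stack frame. */
int handle_frame_unchecked(const uint8_t *pkt, size_t pkt_len, uint32_t *out) {
    uint8_t buf[PAYLOAD_MAX];
    size_t declared = ((size_t)pkt[0] << 8) | pkt[1];
    (void)pkt_len;                     /* the received size is never consulted */
    memcpy(buf, pkt + HDR_LEN, declared);
    *out = process(buf, declared);
    return FRAME_OK;
}

/* Hardened form: validate the header, the bytes actually received and the
 * destination capacity before copying anything. */
int handle_frame_checked(const uint8_t *pkt, size_t pkt_len, uint32_t *out) {
    uint8_t buf[PAYLOAD_MAX];
    if (pkt == NULL || out == NULL || pkt_len < HDR_LEN)
        return FRAME_TRUNCATED;
    size_t declared = ((size_t)pkt[0] << 8) | pkt[1];
    if (declared > pkt_len - HDR_LEN)  /* peer claims more than it sent */
        return FRAME_TRUNCATED;
    if (declared > sizeof buf)         /* would not fit the stack buffer */
        return FRAME_TOO_LARGE;
    memcpy(buf, pkt + HDR_LEN, declared);
    *out = process(buf, declared);
    return FRAME_OK;
}

int main(void) {
    const uint8_t ok[] = {0x00, 0x03, 1, 2, 3};  /* constructed: 3-byte payload */
    uint8_t big[HDR_LEN + 200] = {0x00, 0xC8};   /* constructed: declares 200 bytes */
    uint32_t sum = 0;
    int a = handle_frame_checked(ok, sizeof ok, &sum);
    int b = handle_frame_checked(big, sizeof big, &sum);
    return (a == FRAME_OK && b == FRAME_TOO_LARGE) ? 0 : 1;
}
```

The two comparisons in the checked handler are deliberately separate: one bounds the read from the packet, the other bounds the write to the stack buffer.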
Potential Impact
The impact of CVE-2024-6249 is substantial for organizations and individuals deploying Wyze Cam v3 devices. An attacker exploiting this vulnerability can gain root-level control over the camera, leading to complete compromise of the device. This includes the ability to disable security features, intercept or manipulate video streams, and use the device as a pivot point to launch attacks against other network assets. The breach of confidentiality is severe as attackers can spy on private spaces. Integrity and availability are also at risk since attackers can alter device behavior or render it inoperable. For enterprises using these cameras for security or monitoring, this could result in significant operational disruption and data breaches. The lack of authentication requirement and ease of exploitation increase the likelihood of attacks, especially in environments where these devices are exposed to untrusted networks or insufficiently segmented. The vulnerability also poses privacy risks to consumers and could damage the vendor’s reputation if exploited at scale.
Mitigation Recommendations
To mitigate CVE-2024-6249, organizations should immediately identify all Wyze Cam v3 devices running the affected firmware version 4.36.11.7071. Although no official patch is currently available, users should monitor Wyze’s security advisories and apply firmware updates promptly once released. In the interim, network-level mitigations are critical: restrict camera network access to trusted internal networks only, implement strict firewall rules to block unsolicited inbound TCP traffic to the cameras, and segment IoT devices from critical infrastructure using VLANs or zero-trust network architectures. Enable network monitoring and anomaly detection to identify unusual traffic patterns targeting these devices. Disable remote access features if not required. Additionally, consider replacing vulnerable devices with models confirmed to be patched or more secure. Vendors and integrators should also review their supply chain and device management policies to ensure timely vulnerability management. Finally, educate users on the risks of exposing IoT devices to public or untrusted networks.
Affected Countries
United States, Canada, United Kingdom, Germany, France, Australia, Japan, South Korea, China, India
Technical Details
- Data Version: 5.1
- Assigner Short Name: zdi
- Date Reserved: 2024-06-21T14:52:37.912Z
- CVSS Version: 3.0
- State: PUBLISHED
Threat ID: 699f6bfeb7ef31ef0b55d680
Added to database: 2/25/2026, 9:39:10 PM
Last enriched: 2/26/2026, 3:05:36 AM
Last updated: 4/12/2026, 5:06:42 PM