CVE-2019-9564

A vulnerability in the authentication logic of Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to bypass login and control the devices. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze Cam v3 versions prior to 4.36.8.32.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
BitdefenderCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
VendorProductVersion
wyzecam_pan_v2_firmware
𝑥
< 4.49.1.47
wyzecam_v2_firmware
𝑥
< 4.9.8.1002
wyzecam_v3_firmware
𝑥
< 4.36.8.32
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-wyze-cam-iot-device/
https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-wyze-cam-iot-device/