← Back

Wyze

wyze

10 CVEs • 8 products

Products (8)

Click to collapse
Toggle
Cam V3 Firmware
cam_v3_firmware
9 CVEs
Cam Pan V2 Firmware
cam_pan_v2_firmware
2 CVEs
Cam V2 Firmware
cam_v2_firmware
2 CVEs
Cam V4 Firmware
cam_v4_firmware
1 CVE
Cam Pan V2
cam_pan_v2
0 CVEs
Cam V2
cam_v2
0 CVEs
Cam V3
cam_v3
0 CVEs
Cam V4
cam_v4
0 CVEs

CVEs (10)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-6249
1Wyze
1Cam V3 Firmware
Aug 8, 2025
Nov 22, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
Wyze Cam v3 TCP Traffic Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP...Show more
Wyze Cam v3 TCP Traffic Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TUTK P2P library. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22419.Show less
CVE-2024-6248
1Wyze
1Cam V3 Firmware
Aug 8, 2025
Nov 22, 2024
N/A· v4
7.5 HIGH· v3
N/A· v2
Wyze Cam v3 Cloud Infrastructure Improper Authentication Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cam...Show more
Wyze Cam v3 Cloud Infrastructure Improper Authentication Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the run_action_batch endpoint of the cloud infrastructure. The issue results from the use of the device's MAC address as a sole credential for authentication. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-22393.Show less
CVE-2024-6247
1Wyze
1Cam V3 Firmware
Aug 8, 2025
Nov 22, 2024
N/A· v4
6.8 MEDIUM· v3
N/A· v2
Wyze Cam v3 Wi-Fi SSID OS Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authe...Show more
Wyze Cam v3 Wi-Fi SSID OS Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SSIDs embedded in scanned QR codes. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22337.Show less
CVE-2024-6246
1Wyze
1Cam V3 Firmware
Aug 8, 2025
Nov 22, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
Wyze Cam v3 Realtek Wi-Fi Driver Heap-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP...Show more
Wyze Cam v3 Realtek Wi-Fi Driver Heap-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Realtek Wi-Fi kernel module. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the kernel. Was ZDI-CAN-22310.Show less
CVE-2024-37066
1Wyze
1Cam V4 Firmware
Nov 21, 2024
Jul 19, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
A command injection vulnerability exists in Wyze V4 Pro firmware versions before 4.50.4.9222, which allows attackers to execute arbitrary commands over Bluetooth as root during the camera setup process.
CVE-2023-6324
4Owletcare
RokuThroughtek+1 more
5Cam 2 Firmware
Cam FirmwareCam V3 Firmware+2 more
Feb 11, 2025
May 15, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
ThroughTek Kalay SDK uses a predictable PSK value in the DTLS session when encountering an unexpected PSK identity
CVE-2023-6323
4Owletcare
RokuThroughtek+1 more
5Cam 2 Firmware
Cam FirmwareCam V3 Firmware+2 more
Feb 11, 2025
May 15, 2024
N/A· v4
6.5 MEDIUM· v3
N/A· v2
ThroughTek Kalay SDK does not verify the authenticity of received messages, allowing an attacker to impersonate an authoritative server.
CVE-2023-6322
3Roku
ThroughtekWyze
3Cam V3 Firmware
Indoor Camera Se FirmwareKalay Platform
Feb 11, 2025
May 15, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
A stack-based buffer overflow vulnerability exists in the message parsing functionality of the Roku Indoor Camera SE version 3.0.2.4679 and Wyze Cam v3 version 4.36.11.5859. A specially crafted message can lead to stack-...Show more
A stack-based buffer overflow vulnerability exists in the message parsing functionality of the Roku Indoor Camera SE version 3.0.2.4679 and Wyze Cam v3 version 4.36.11.5859. A specially crafted message can lead to stack-based buffer overflow. An attacker can make authenticated requests to trigger this vulnerability.Show less
CVE-2019-9564
1Wyze
3Cam Pan V2 Firmware
Cam V2 FirmwareCam V3 Firmware
Nov 21, 2024
Mar 30, 2022
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
A vulnerability in the authentication logic of Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to bypass login and control the devices. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 vers...Show more
A vulnerability in the authentication logic of Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to bypass login and control the devices. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze Cam v3 versions prior to 4.36.8.32.Show less
CVE-2019-12266
1Wyze
3Cam Pan V2 Firmware
Cam V2 FirmwareCam V3 Firmware
Nov 21, 2024
Mar 30, 2022
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
Stack-based Buffer Overflow vulnerability in Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to run arbitrary code on the affected device. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 v...Show more
Stack-based Buffer Overflow vulnerability in Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to run arbitrary code on the affected device. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze Cam v3 versions prior to 4.36.8.32.Show less