Radu Basaraba

Name of the Vulnerable Software and Affected Versions: ThroughTek Kalay SDK versions used in Owlet Cam v1, Owlet Cam v2, Wyze Cam v3, and Roku Indoor Camera SE Description: The issue is related to the use of uninitialized variables in the Kalay SDK, which can be exploited by a remote attacker to disclose protected information. Additionally, the SDK uses a predictable PSK value in the DTLS session when encountering an unexpected PSK identity. Recommendations: For ThroughTek Kalay SDK versions used in Owlet Cam v1, Owlet Cam v2, Wyze Cam v3, and Roku Indoor Camera SE, consider disabling the use of DTLS sessions with unpredictable PSK identities until a patch is available. As a temporary workaround, restrict access to the affected devices to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Kalay SDK versions (affected versions not specified) Owlet Cam version (affected versions not specified) Owlet Cam v1 Owlet Cam v2 Wyze Cam v3 Roku Indoor Camera SE Description: The issue is related to insufficient authentication of received data, allowing an attacker to impersonate an authoritative server and potentially gain unauthorized access to protected information. This can be exploited by a remote attacker. Recommendations: For Kalay SDK, consider implementing proper message authentication mechanisms to verify the authenticity of received messages until a patch is available. For Owlet Cam v1, Owlet Cam v2, Wyze Cam v3, and Roku Indoor Camera SE, restrict access to sensitive information and consider disabling remote access features until a fix is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Owlet Cam versions v1 and v2 **Description** A command injection vulnerability exists in the IOCTL that manages OTA updates, allowing a specially crafted command to lead to command execution as the root user. An attacker can make authenticated requests to trigger this vulnerability, potentially enabling remote execution of arbitrary commands and privilege escalation. **Recommendations** For Owlet Cam version v1, upgrade the affected components immediately to mitigate the risk. For Owlet Cam version v2, upgrade the affected components immediately to mitigate the risk. As a temporary workaround, consider restricting access to the IOCTL handler that manages OTA updates until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Roku Indoor Camera SE version 3.0.2.4679 Wyze Cam v3 version 4.36.11.5859 **Description** A stack-based buffer overflow issue exists in the message parsing functionality. This can be triggered by a specially crafted message, leading to a stack-based buffer overflow. An attacker can make authenticated requests to exploit this issue, potentially allowing them to elevate their privileges and gain unauthorized access to protected information. **Recommendations** For Roku Indoor Camera SE version 3.0.2.4679, update to a version that addresses the buffer overflow vulnerability in the message parsing functionality. For Wyze Cam v3 version 4.36.11.5859, update to a version that addresses the buffer overflow vulnerability in the message parsing functionality. As a temporary workaround, consider restricting access to the message parsing functionality until a patch is available.