CVE-2024-6248

Name of the Vulnerable Software and Affected Versions: Wyze Cam v3 (affected versions not specified)

Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. The specific flaw exists within the "run action batch" endpoint of the cloud infrastructure. The issue results from the use of the device's MAC address as a sole credential for authentication. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.