CVE-2019-12266

Stack-based Buffer Overflow vulnerability in Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to run arbitrary code on the affected device. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze Cam v3 versions prior to 4.36.8.32.

CVSS v3 9.8 CRITICAL
CVSS v2.0 10.0 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-wyze-cam-iot-device/	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:wyze:cam_pan_v2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wyze:cam_pan_v2:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:wyze:cam_v2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wyze:cam_v2:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:wyze:cam_v3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wyze:cam_v3:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-03-30 20:15

Updated : 2024-02-28 19:09

NVD link : CVE-2019-12266

Mitre link : CVE-2019-12266

CVE.ORG link : CVE-2019-12266

JSON object : View

Products Affected

wyze

cam_v2_firmware
cam_pan_v2_firmware
cam_pan_v2
cam_v2
cam_v3_firmware
cam_v3

CWE

CWE-787

Out-of-bounds Write

CWE-121

Stack-based Buffer Overflow

{"id": "CVE-2019-12266", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "cve-requests@bitdefender.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.0}]}, "published": "2022-03-30T20:15:08.313", "references": [{"url": "https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-wyze-cam-iot-device/", "tags": ["Third Party Advisory"], "source": "cve-requests@bitdefender.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "cve-requests@bitdefender.com", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "Stack-based Buffer Overflow vulnerability in Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to run arbitrary code on the affected device. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze Cam v3 versions prior to 4.36.8.32."}, {"lang": "es", "value": "Una vulnerabilidad de desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria en Wyze Cam Pan versi\u00f3n v2, Cam versi\u00f3n v2, Cam versi\u00f3n v3, permite a un atacante ejecutar c\u00f3digo arbitrario en el dispositivo afectado. Este problema afecta a: Wyze Cam Pan versiones v2 anteriores a 4.49.1.47. Wyze Cam versiones v2 anteriores a 4.9.8.1002. Wyze Cam v3 versiones v3 anteriores a 4.36.8.32"}], "lastModified": "2022-04-05T21:21:36.460", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:wyze:cam_pan_v2_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FFB9B059-F660-4D9E-A8FE-4464E36520FE", "versionEndExcluding": "4.49.1.47"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:wyze:cam_pan_v2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8D00DC99-9D9F-40D6-BBC6-82FB97B480B5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:wyze:cam_v2_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9CD737D-C13D-4B2D-9C27-E13FEA352737", "versionEndExcluding": "4.9.8.1002"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:wyze:cam_v2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0A4D9556-1751-46C9-96C9-6C7994BE8BD1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:wyze:cam_v3_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36A0BA09-1A2F-4389-988B-C2C51D3CEBC0", "versionEndExcluding": "4.36.8.32"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:wyze:cam_v3:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C96BD4E4-F38A-4D78-851D-0F879B4D3A16"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve-requests@bitdefender.com"}