CVE-2024-37066 - Vulnerability Details - OpenCVE

A command injection vulnerability exists in Wyze V4 Pro firmware versions before 4.50.4.9222, which allows attackers to execute arbitrary commands over Bluetooth as root during the camera setup process.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.01142.

Key SSVC decision points have not yet been added.

Vendors	Products
Wyze	Cam V4 Cam V4 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:wyze:cam_v4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wyze:cam_v4:*:*:*:*:*:*:*:*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://forums.wyze.com/t/security-advisory/289256
https://hiddenlayer.com/sai-security-advisory/2024-7-wyze/

History

Thu, 22 Aug 2024 18:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Wyze Wyze cam V4 Wyze cam V4 Firmware
CPEs		cpe:2.3:h:wyze:cam_v4:::::::: cpe:2.3:o:wyze:cam_v4_firmware::::::::
Vendors & Products		Wyze Wyze cam V4 Wyze cam V4 Firmware

MITRE

Status: PUBLISHED

Assigner: HiddenLayer

Published: 2024-07-19T12:05:11.395Z

Updated: 2024-08-02T03:43:50.813Z

Reserved: 2024-05-31T14:19:09.799Z

Link: CVE-2024-37066

Vulnrichment

Updated: 2024-08-02T03:43:50.813Z

NVD

Status : Modified

Published: 2024-07-19T12:15:02.320

Modified: 2024-11-21T09:23:08.487

Link: CVE-2024-37066

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-37066", "assignerOrgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "state": "PUBLISHED", "assignerShortName": "HiddenLayer", "dateReserved": "2024-05-31T14:19:09.799Z", "datePublished": "2024-07-19T12:05:11.395Z", "dateUpdated": "2024-08-02T03:43:50.813Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Wyze Cam V4 Pro", "vendor": "Wyze", "versions": [{"lessThanOrEqual": "4.52.4.9887", "status": "affected", "version": "0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A command injection vulnerability exists in Wyze V4 Pro firmware versions before 4.50.4.9222, which allows attackers to execute arbitrary commands over Bluetooth as root during the camera setup process. "}], "value": "A command injection vulnerability exists in Wyze V4 Pro firmware versions before 4.50.4.9222, which allows attackers to execute arbitrary commands over Bluetooth as root during the camera setup process."}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "shortName": "HiddenLayer", "dateUpdated": "2024-07-19T12:05:11.395Z"}, "references": [{"url": "https://hiddenlayer.com/sai-security-advisory/2024-7-wyze/"}, {"url": "https://forums.wyze.com/t/security-advisory/289256"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "wyze", "product": "cam_v4_pro", "cpes": ["cpe:2.3:a:wyze:cam_v4_pro:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "4.52.4.9887", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-19T15:24:53.197036Z", "id": "CVE-2024-37066", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-19T15:27:36.879Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:43:50.813Z"}, "title": "CVE Program Container", "references": [{"url": "https://hiddenlayer.com/sai-security-advisory/2024-7-wyze/", "tags": ["x_transferred"]}, {"url": "https://forums.wyze.com/t/security-advisory/289256", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://hiddenlayer.com/sai-security-advisory/2024-7-wyze/", "tags": ["x_transferred"]}, {"url": "https://forums.wyze.com/t/security-advisory/289256", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:43:50.813Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-37066", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-19T15:24:53.197036Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:wyze:cam_v4_pro:*:*:*:*:*:*:*:*"], "vendor": "wyze", "product": "cam_v4_pro", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "4.52.4.9887"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-19T15:27:29.081Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Wyze", "product": "Wyze Cam V4 Pro", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "4.52.4.9887"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://hiddenlayer.com/sai-security-advisory/2024-7-wyze/"}, {"url": "https://forums.wyze.com/t/security-advisory/289256"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A command injection vulnerability exists in Wyze V4 Pro firmware versions before 4.50.4.9222, which allows attackers to execute arbitrary commands over Bluetooth as root during the camera setup process.", "supportingMedia": [{"type": "text/html", "value": "A command injection vulnerability exists in Wyze V4 Pro firmware versions before 4.50.4.9222, which allows attackers to execute arbitrary commands over Bluetooth as root during the camera setup process. ", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "shortName": "HiddenLayer", "dateUpdated": "2024-07-19T12:05:11.395Z"}}}, "cveMetadata": {"cveId": "CVE-2024-37066", "state": "PUBLISHED", "dateUpdated": "2024-08-02T03:43:50.813Z", "dateReserved": "2024-05-31T14:19:09.799Z", "assignerOrgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "datePublished": "2024-07-19T12:05:11.395Z", "assignerShortName": "HiddenLayer"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wyze:cam_v4_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "678B080B-FFD7-4303-8812-CAAF44E3CBBC", "versionEndIncluding": "4.52.4.9887", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wyze:cam_v4:*:*:*:*:*:*:*:*", "matchCriteriaId": "B7966E04-5847-4556-AD80-A9EF9E27E9D7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A command injection vulnerability exists in Wyze V4 Pro firmware versions before 4.50.4.9222, which allows attackers to execute arbitrary commands over Bluetooth as root during the camera setup process."}, {"lang": "es", "value": " Existe una vulnerabilidad de inyecci\u00f3n de comandos en las versiones de firmware Wyze V4 Pro anteriores a la 4.50.4.9222, que permite a los atacantes ejecutar comandos arbitrarios a trav\u00e9s de Bluetooth como root durante el proceso de configuraci\u00f3n de la c\u00e1mara."}], "id": "CVE-2024-37066", "lastModified": "2024-11-21T09:23:08.487", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-19T12:15:02.320", "references": [{"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "tags": ["Vendor Advisory"], "url": "https://forums.wyze.com/t/security-advisory/289256"}, {"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "tags": ["Exploit", "Third Party Advisory"], "url": "https://hiddenlayer.com/sai-security-advisory/2024-7-wyze/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://forums.wyze.com/t/security-advisory/289256"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://hiddenlayer.com/sai-security-advisory/2024-7-wyze/"}], "sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}