Bitdefender has revealed several vulnerabilities found in Wyze Cam security cameras.
One of the bugs existed in the code for about three years and allowed remote, unauthenticated access to videos and images stored on the cameras' local memory cards.
The bug, which has not yet been assigned a CVE identifier, allowed the contents of the camera's SD card to be accessed through a web server listening on port 80. When an SD card is inserted into a Wyze Cam, a symbolic link to it is automatically created in the www directory, which is served by the web server without any access restrictions.
In addition to the video, audio, and images recorded by the camera, the SD card also stores all device logs, which contain the UID and ENR (AES encryption key). Disclosure of this data allows an attacker to gain unhindered remote access to the device.
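The misconfiguration described above, a symlink inside the served directory that points at storage outside it, can be checked for in an unpacked firmware image. This is an added example, not code from Bitdefender or Wyze; the rootfs layout, link names and mount paths are constructed for illustration.

```python
import os
import posixpath
import tempfile


def find_escaping_symlinks(rootfs, webroot="/www"):
    """List symlinks under webroot whose target lies outside it.

    Returns sorted (link, target) pairs as firmware-absolute paths.
    """
    webroot = posixpath.normpath(webroot)
    host_webroot = os.path.join(rootfs, webroot.lstrip("/"))
    findings = []
    for dirpath, dirnames, filenames in os.walk(host_webroot, followlinks=False):
        for name in dirnames + filenames:
            host_path = os.path.join(dirpath, name)
            if not os.path.islink(host_path):
                continue
            # Path of the link as the device itself would see it.
            fw_path = "/" + os.path.relpath(host_path, rootfs).replace(os.sep, "/")
            # Resolve lexically against the firmware root, not the host's:
            # in an unpacked image the target (e.g. a mount point) is often
            # absent. Chained symlinks are not followed (simplification).
            target = os.readlink(host_path)
            resolved = posixpath.normpath(
                posixpath.join(posixpath.dirname(fw_path), target))
            if resolved != webroot and not resolved.startswith(webroot + "/"):
                findings.append((fw_path, resolved))
    return sorted(findings)


def demo():
    """Audit a constructed rootfs; all names and paths here are made up."""
    with tempfile.TemporaryDirectory() as rootfs:
        www = os.path.join(rootfs, "www")
        os.makedirs(os.path.join(www, "static"))
        open(os.path.join(www, "static", "logo.png"), "w").close()
        # Absolute link to a storage mount point: escapes the web root.
        os.symlink("/media/mmc", os.path.join(www, "sdcard"))
        # Relative link that stays inside the web root: not reported.
        os.symlink("static/logo.png", os.path.join(www, "favicon.png"))
        # Relative link that climbs out of the web root: reported.
        os.symlink("../../var/log", os.path.join(www, "static", "logs"))
        return find_escaping_symlinks(rootfs)


if __name__ == "__main__":
    for link, target in demo():
        print(f"{link} -> {target} (outside web root)")
```

Any reported link deserves a look at whether the web server follows symlinks and whether the target holds recordings, logs or key material.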
Interestingly, the vulnerability was discovered by Bitdefender researchers back in March 2019 along with two other issues related to authentication bypass (CVE-2019-9564) and remote control (CVE-2019-12266). These bugs were fixed by the manufacturer in 2019-2020, and the patches were included in the updated firmware versions.
The third and most dangerous bug related to the SD card also received a fix, but it was only released recently – on January 29, 2022. Considering that such devices are usually used on a “set it and forget it” basis, it is likely that most Wyze Cams are still running vulnerable firmware.
It’s also worth mentioning that updates are only available for Wyze Cam v2 and v3, released in February 2018 and October 2020, respectively. Wyze Cam v1, released in August 2017, has not received any patches, as support for this model was discontinued at the end of 2020.
As a result, Bitdefender experts recommend that users retire Wyze Cam v1 as soon as possible and stop using outdated cameras altogether; owners of the other models should update the firmware as soon as possible.