CVE-2024-37066
MEDIUM
Wyze Cam V4 Firmware < 4.52.4.9887 - OS Command Injection via Bluetooth Setup
Title source: llm
Description
A command injection vulnerability exists in Wyze V4 Pro firmware versions before 4.50.4.9222, which allows attackers to execute arbitrary commands over Bluetooth as root during the camera setup process.
References (2)
Core References
Vendor Advisory: https://forums.wyze.com/t/security-advisory/289256
Exploit, Third Party Advisory: https://hiddenlayer.com/sai-security-advisory/2024-7-wyze/
Scores
CVSS v3: 6.8
EPSS: 0.0183
EPSS Percentile: 76.0%
Attack Vector: PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-78
Status: published
Products (1): wyze/cam_v4_firmware < 4.52.4.9887
Published: Jul 19, 2024
Tracked Since: Feb 18, 2026