CVE-2024-37066

A command injection vulnerability exists in Wyze V4 Pro firmware versions before 4.50.4.9222, which allows attackers to execute arbitrary commands over Bluetooth as root during the camera setup process.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:wyze:cam_v4_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:wyze:cam_v4:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-07-19 12:15

Updated : 2024-11-21 09:23


NVD link : CVE-2024-37066

Mitre link : CVE-2024-37066

CVE.ORG link : CVE-2024-37066


JSON object : View

Products Affected

wyze

  • cam_v4_firmware
  • cam_v4
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')