CVE-2024-37066 - Vulnerability Details - OpenCVE

A command injection vulnerability exists in Wyze V4 Pro firmware versions before 4.50.4.9222, which allows attackers to execute arbitrary commands over Bluetooth as root during the camera setup process.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.01332.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Wyze

Wyze Cam V4 Pro

unaffected

Version	Status	Constraints
`0`	affected	≤ 4.52.4.9887

Configuration 1 [-]

AND

cpe:2.3:o:wyze:cam_v4_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wyze:cam_v4:*:*:*:*:*:*:*:*

No data.

No data.

Project Subscriptions

Vendors	Products
Wyze Subscribe	Cam V4 Subscribe Cam V4 Firmware Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2024-36409	A command injection vulnerability exists in Wyze V4 Pro firmware versions before 4.50.4.9222, which allows attackers to execute arbitrary commands over Bluetooth as root during the camera setup process.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://forums.wyze.com/t/security-advisory/289256
https://hiddenlayer.com/sai-security-advisory/2024-7-wyze/

History

Thu, 22 Aug 2024 18:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Wyze Wyze cam V4 Wyze cam V4 Firmware
CPEs		cpe:2.3:h:wyze:cam_v4:::::::: cpe:2.3:o:wyze:cam_v4_firmware::::::::
Vendors & Products		Wyze Wyze cam V4 Wyze cam V4 Firmware

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: HiddenLayer

Published: 2024-07-19T12:05:11.395Z

Updated: 2024-08-02T03:43:50.813Z

Reserved: 2024-05-31T14:19:09.799Z

Link: CVE-2024-37066

Vulnrichment

Updated: 2024-08-02T03:43:50.813Z

NVD

Status : Modified

Published: 2024-07-19T12:15:02.320

Modified: 2024-11-21T09:23:08.487

Link: CVE-2024-37066

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-78

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-37066", "assignerOrgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "state": "PUBLISHED", "assignerShortName": "HiddenLayer", "dateReserved": "2024-05-31T14:19:09.799Z", "datePublished": "2024-07-19T12:05:11.395Z", "dateUpdated": "2024-08-02T03:43:50.813Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Wyze Cam V4 Pro", "vendor": "Wyze", "versions": [{"lessThanOrEqual": "4.52.4.9887", "status": "affected", "version": "0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A command injection vulnerability exists in Wyze V4 Pro firmware versions before 4.50.4.9222, which allows attackers to execute arbitrary commands over Bluetooth as root during the camera setup process. "}], "value": "A command injection vulnerability exists in Wyze V4 Pro firmware versions before 4.50.4.9222, which allows attackers to execute arbitrary commands over Bluetooth as root during the camera setup process."}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "shortName": "HiddenLayer", "dateUpdated": "2024-07-19T12:05:11.395Z"}, "references": [{"url": "https://hiddenlayer.com/sai-security-advisory/2024-7-wyze/"}, {"url": "https://forums.wyze.com/t/security-advisory/289256"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "wyze", "product": "cam_v4_pro", "cpes": ["cpe:2.3:a:wyze:cam_v4_pro:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "4.52.4.9887", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-19T15:24:53.197036Z", "id": "CVE-2024-37066", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-19T15:27:36.879Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:43:50.813Z"}, "title": "CVE Program Container", "references": [{"url": "https://hiddenlayer.com/sai-security-advisory/2024-7-wyze/", "tags": ["x_transferred"]}, {"url": "https://forums.wyze.com/t/security-advisory/289256", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://hiddenlayer.com/sai-security-advisory/2024-7-wyze/", "tags": ["x_transferred"]}, {"url": "https://forums.wyze.com/t/security-advisory/289256", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:43:50.813Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-37066", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-19T15:24:53.197036Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:wyze:cam_v4_pro:*:*:*:*:*:*:*:*"], "vendor": "wyze", "product": "cam_v4_pro", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "4.52.4.9887"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-19T15:27:29.081Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Wyze", "product": "Wyze Cam V4 Pro", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "4.52.4.9887"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://hiddenlayer.com/sai-security-advisory/2024-7-wyze/"}, {"url": "https://forums.wyze.com/t/security-advisory/289256"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A command injection vulnerability exists in Wyze V4 Pro firmware versions before 4.50.4.9222, which allows attackers to execute arbitrary commands over Bluetooth as root during the camera setup process.", "supportingMedia": [{"type": "text/html", "value": "A command injection vulnerability exists in Wyze V4 Pro firmware versions before 4.50.4.9222, which allows attackers to execute arbitrary commands over Bluetooth as root during the camera setup process. ", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "shortName": "HiddenLayer", "dateUpdated": "2024-07-19T12:05:11.395Z"}}}, "cveMetadata": {"cveId": "CVE-2024-37066", "state": "PUBLISHED", "dateUpdated": "2024-08-02T03:43:50.813Z", "dateReserved": "2024-05-31T14:19:09.799Z", "assignerOrgId": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "datePublished": "2024-07-19T12:05:11.395Z", "assignerShortName": "HiddenLayer"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wyze:cam_v4_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "678B080B-FFD7-4303-8812-CAAF44E3CBBC", "versionEndIncluding": "4.52.4.9887", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wyze:cam_v4:*:*:*:*:*:*:*:*", "matchCriteriaId": "B7966E04-5847-4556-AD80-A9EF9E27E9D7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A command injection vulnerability exists in Wyze V4 Pro firmware versions before 4.50.4.9222, which allows attackers to execute arbitrary commands over Bluetooth as root during the camera setup process."}, {"lang": "es", "value": " Existe una vulnerabilidad de inyecci\u00f3n de comandos en las versiones de firmware Wyze V4 Pro anteriores a la 4.50.4.9222, que permite a los atacantes ejecutar comandos arbitrarios a trav\u00e9s de Bluetooth como root durante el proceso de configuraci\u00f3n de la c\u00e1mara."}], "id": "CVE-2024-37066", "lastModified": "2024-11-21T09:23:08.487", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-19T12:15:02.320", "references": [{"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "tags": ["Vendor Advisory"], "url": "https://forums.wyze.com/t/security-advisory/289256"}, {"source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "tags": ["Exploit", "Third Party Advisory"], "url": "https://hiddenlayer.com/sai-security-advisory/2024-7-wyze/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://forums.wyze.com/t/security-advisory/289256"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://hiddenlayer.com/sai-security-advisory/2024-7-wyze/"}], "sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}