A security researcher has published a proof-of-concept (PoC) exploit for Wyze Cam v3 devices that opens a reverse shell and allows the takeover of vulnerable devices.
Wyze Cam v3 is a top-selling, inexpensive indoor/outdoor security camera with support for color night vision, SD card storage, cloud connectivity for smartphone control, IP65 weatherproofing, and more.
Security researcher Peter Geissler (aka bl4sty) recently discovered two flaws in the latest Wyze Cam v3 firmware that can be chained together for remote code execution on vulnerable devices.
The first is a DTLS (Datagram Transport Layer Security) authentication bypass in the ‘iCamera’ daemon, which allows attackers to use arbitrary PSKs (Pre-Shared Keys) during the TLS handshake to bypass security measures.
The second flaw manifests after the DTLS-authenticated session has been established, when the client sends a JSON object.