CVE-2019-9564 - OpenCVE

A vulnerability in the authentication logic of Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to bypass login and control the devices. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze Cam v3 versions prior to 4.36.8.32.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Wyze	Cam V2 Firmware Cam Pan V2 Firmware Cam Pan V2 Cam V2 Cam V3 Firmware Cam V3

Configuration 1 [-]

AND

cpe:2.3:o:wyze:cam_pan_v2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wyze:cam_pan_v2:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:wyze:cam_v2_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wyze:cam_v2:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:wyze:cam_v3_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:wyze:cam_v3:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-wyze-cam-iot-device/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Bitdefender

Published: 2022-03-29T00:00:00

Updated: 2022-06-24T14:59:58

Reserved: 2019-03-04T00:00:00

Link: CVE-2019-9564

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-03-30T20:15:08.397

Modified: 2023-02-22T17:33:30.363

Link: CVE-2019-9564

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"containers": {"cna": {"affected": [{"product": "Cam Pan v2", "vendor": "Wyze", "versions": [{"lessThan": "4.49.1.47", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Cam v2", "vendor": "Wyze", "versions": [{"lessThan": "4.9.8.1002", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Cam v3", "vendor": "Wyze", "versions": [{"lessThan": "4.36.8.32", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Bitdefender Labs"}], "datePublic": "2022-03-29T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the authentication logic of Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to bypass login and control the devices. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze Cam v3 versions prior to 4.36.8.32."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "authenti", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-06-24T14:59:58", "orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "shortName": "Bitdefender"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-wyze-cam-iot-device/"}], "solutions": [{"lang": "en", "value": "An update to the following firmware versions fixes the issue:\n\nWyze Cam Pan v2 firmware version 4.49.1.47.\nWyze Cam v2 firmware version 4.9.8.1002.\nWyze Cam v3 firmware version 4.36.8.32."}], "source": {"discovery": "EXTERNAL"}, "title": "Authentication bypass in Wyze Cam Pan v2, Cam v2 and Cam v3", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-requests@bitdefender.com", "DATE_PUBLIC": "2022-03-29T12:38:00.000Z", "ID": "CVE-2019-9564", "STATE": "PUBLIC", "TITLE": "Authentication bypass in Wyze Cam Pan v2, Cam v2 and Cam v3"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cam Pan v2", "version": {"version_data": [{"version_affected": "<", "version_value": "4.49.1.47"}]}}, {"product_name": "Cam v2", "version": {"version_data": [{"version_affected": "<", "version_value": "4.9.8.1002"}]}}, {"product_name": "Cam v3", "version": {"version_data": [{"version_affected": "<", "version_value": "4.36.8.32"}]}}]}, "vendor_name": "Wyze"}]}}, "credit": [{"lang": "eng", "value": "Bitdefender Labs"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the authentication logic of Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to bypass login and control the devices. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze Cam v3 versions prior to 4.36.8.32."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "authenti"}]}]}, "references": {"reference_data": [{"name": "https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-wyze-cam-iot-device/", "refsource": "MISC", "url": "https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-wyze-cam-iot-device/"}]}, "solution": [{"lang": "en", "value": "An update to the following firmware versions fixes the issue:\n\nWyze Cam Pan v2 firmware version 4.49.1.47.\nWyze Cam v2 firmware version 4.9.8.1002.\nWyze Cam v3 firmware version 4.36.8.32."}], "source": {"discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "assignerShortName": "Bitdefender", "cveId": "CVE-2019-9564", "datePublished": "2022-03-29T00:00:00", "dateReserved": "2019-03-04T00:00:00", "dateUpdated": "2022-06-24T14:59:58", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wyze:cam_pan_v2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FFB9B059-F660-4D9E-A8FE-4464E36520FE", "versionEndExcluding": "4.49.1.47", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wyze:cam_pan_v2:-:*:*:*:*:*:*:*", "matchCriteriaId": "8D00DC99-9D9F-40D6-BBC6-82FB97B480B5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wyze:cam_v2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9CD737D-C13D-4B2D-9C27-E13FEA352737", "versionEndExcluding": "4.9.8.1002", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wyze:cam_v2:-:*:*:*:*:*:*:*", "matchCriteriaId": "0A4D9556-1751-46C9-96C9-6C7994BE8BD1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:wyze:cam_v3_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "36A0BA09-1A2F-4389-988B-C2C51D3CEBC0", "versionEndExcluding": "4.36.8.32", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:wyze:cam_v3:-:*:*:*:*:*:*:*", "matchCriteriaId": "C96BD4E4-F38A-4D78-851D-0F879B4D3A16", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the authentication logic of Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to bypass login and control the devices. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze Cam v3 versions prior to 4.36.8.32."}, {"lang": "es", "value": "Una vulnerabilidad en la l\u00f3gica de autenticaci\u00f3n de Wyze Cam Pan v2, Cam v2, Cam v3 permite a un atacante eludir el inicio de sesi\u00f3n y controlar los dispositivos. Este problema afecta: Las versiones de Wyze Cam Pan v2 anteriores a la 4.49.1.47. Las versiones de Wyze Cam v2 anteriores a la 4.9.8.1002. Las versiones de Wyze Cam v3 anteriores a la 4.36.8.32"}], "id": "CVE-2019-9564", "lastModified": "2023-02-22T17:33:30.363", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "cve-requests@bitdefender.com", "type": "Secondary"}]}, "published": "2022-03-30T20:15:08.397", "references": [{"source": "cve-requests@bitdefender.com", "tags": ["Third Party Advisory"], "url": "https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-wyze-cam-iot-device/"}], "sourceIdentifier": "cve-requests@bitdefender.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}