Three security vulnerabilities have been disclosed in the popular Wyze Cam devices that grant malicious actors to execute arbitrary code and access camera feeds as well as unauthorizedly read the SD cards, the latter of which remained unresolved for nearly three years after the initial discovery. The security flaws relate to an authentication bypass (CVE-2019-9564), a remote code execution bug stemming from a stack-based buffer overflow (CVE-2019-12266), and a case of unauthenticated access to the contents of the SD card (no CVE).
Read full article on The Hacker News