Vulnerabilities > Wyze
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-19 | CVE-2024-37066 | OS Command Injection vulnerability in Wyze CAM V4 Firmware A command injection vulnerability exists in Wyze V4 Pro firmware versions before 4.50.4.9222, which allows attackers to execute arbitrary commands over Bluetooth as root during the camera setup process. | 8.8 |
| 2024-05-15 | CVE-2023-6322 | Out-of-bounds Write vulnerability in multiple products A stack-based buffer overflow vulnerability exists in the message parsing functionality of the Roku Indoor Camera SE version 3.0.2.4679 and Wyze Cam v3 version 4.36.11.5859. | 8.8 |
| 2024-05-15 | CVE-2023-6323 | ThroughTek Kalay SDK does not verify the authenticity of received messages, allowing an attacker to impersonate an authoritative server. | 6.5 |
| 2024-05-15 | CVE-2023-6324 | Use of Uninitialized Resource vulnerability in multiple products ThroughTek Kalay SDK uses a predictable PSK value in the DTLS session when encountering an unexpected PSK identity | 8.8 |
| 2022-03-30 | CVE-2019-12266 | Out-of-bounds Write vulnerability in Wyze products Stack-based Buffer Overflow vulnerability in Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to run arbitrary code on the affected device. | 9.8 |
| 2022-03-30 | CVE-2019-9564 | Improper Authentication vulnerability in Wyze products A vulnerability in the authentication logic of Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to bypass login and control the devices. | 9.8 |