RCE exploit for Wyze Cam v3 publicly released, patch now


A security researcher has disclosed a proof-of-concept (PoC) attack for Wyze Cam v3 devices that creates a reverse shell and allows remote device takeover.

Peter Geissler (aka bl4sty), a security researcher, recently uncovered two holes in the latest Wyze Cam v3 firmware that can be chained together to allow remote code execution on affected devices. The first is a DTLS (Datagram Transport Layer Security) authentication bypass flaw in the ‘iCamera’ daemon, which allows attackers to circumvent security safeguards by using arbitrary PSKs (Pre-Shared Keys) during the TLS handshake.
