CVE-2024-6246 – This vulnerability allows attackers on the same... (How to Fix)

Q: What is the severity of CVE-2024-6246?

CVE-2024-6246 has a CVSS score of 8.8 (HIGH). This vulnerability allows attackers on the same network to execute arbitrary code on Wyze Cam v3 IP cameras without authentication. The flaw exists in the Realtek Wi-Fi driver where improper length validation of incoming data leads to heap buffer overflow. Attackers can gain kernel-level code execution on affected devices.

📋 TL;DR

This vulnerability allows attackers on the same network to execute arbitrary code on Wyze Cam v3 IP cameras without authentication. The flaw exists in the Realtek Wi-Fi driver where improper length validation of incoming data leads to heap buffer overflow. Attackers can gain kernel-level code execution on affected devices.

💻 Affected Systems

Products:

Wyze Cam v3

Versions: All versions prior to patched firmware

Operating Systems: Embedded Linux with Realtek Wi-Fi driver

Default Config Vulnerable: ⚠️ Yes

Notes: All Wyze Cam v3 devices with default configuration are vulnerable. Requires network adjacency but no authentication.

📦 What is this software?

Cam V3 Firmware by Wyze

View all CVEs affecting Cam V3 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing attackers to install persistent malware, access camera feeds, pivot to other network devices, or use the device as part of a botnet.

🟠

Likely Case

Device takeover enabling unauthorized access to camera streams, credential theft, or using the device for network reconnaissance and lateral movement.

🟢

If Mitigated

Limited impact if devices are isolated on separate VLANs with strict network segmentation and access controls.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

ZDI has published technical details but no public exploit code. The vulnerability requires network access but no authentication, making it attractive for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Wyze firmware updates for specific version

Vendor Advisory: https://www.zerodayinitiative.com/advisories/ZDI-24-837/

Restart Required: Yes

Instructions:

1. Log into Wyze app
2. Navigate to device settings
3. Check for firmware updates
4. Apply available updates
5. Device will restart automatically

🔧 Temporary Workarounds

Network Segmentation

all

Isolate IoT devices on separate VLAN with strict firewall rules

Disable Wi-Fi if Wired Available

all

Use Ethernet connection instead of Wi-Fi if supported

🧯 If You Can't Patch

Place cameras on isolated IoT network segment with no access to critical systems
Implement strict firewall rules blocking all unnecessary inbound traffic to cameras

🔍 How to Verify

Check if Vulnerable:

Check firmware version in Wyze app against latest available version from vendor

Check Version:

Check in Wyze app: Device Settings > Device Info > Firmware Version

Verify Fix Applied:

Confirm firmware version matches or exceeds patched version from vendor advisory

📡 Detection & Monitoring

Log Indicators:

Unusual network traffic patterns to/from cameras
Multiple failed connection attempts followed by successful exploit

Network Indicators:

Unusual outbound connections from cameras
Suspicious Wi-Fi driver related network traffic

SIEM Query:

source_ip IN (camera_ips) AND (protocol="tcp" OR protocol="udp") AND (port NOT IN [expected_ports])

📊 Metadata

CVE ID: CVE-2024-6246

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-122

Published: November 22, 2024

Last Updated: August 8, 2025

🔗 References

https://www.zerodayinitiative.com/advisories/ZDI-24-837/ Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-6246, you might also want to check these: