CVE-2024-6248 – This vulnerability allows attackers on the same... (How to Fix)

Q: What is the severity of CVE-2024-6248?

CVE-2024-6248 has a CVSS score of 7.5 (HIGH). This vulnerability allows attackers on the same network as a Wyze Cam v3 to execute arbitrary code without authentication by exploiting improper authentication in the cloud infrastructure. The flaw uses the device's MAC address as the sole credential, enabling remote code execution as root when combined with other vulnerabilities. All Wyze Cam v3 users with vulnerable cloud infrastructure are affected.

📋 TL;DR

This vulnerability allows attackers on the same network as a Wyze Cam v3 to execute arbitrary code without authentication by exploiting improper authentication in the cloud infrastructure. The flaw uses the device's MAC address as the sole credential, enabling remote code execution as root when combined with other vulnerabilities. All Wyze Cam v3 users with vulnerable cloud infrastructure are affected.

💻 Affected Systems

Products:

Wyze Cam v3

Versions: All versions prior to patched firmware

Operating Systems: Embedded Linux-based firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Requires vulnerable cloud infrastructure and network adjacency to the camera. The MAC address authentication flaw exists in the run_action_batch endpoint.

📦 What is this software?

Cam V3 Firmware by Wyze

View all CVEs affecting Cam V3 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the camera with root-level code execution, allowing attackers to access video feeds, pivot to other network devices, or use the camera as part of a botnet.

🟠

Likely Case

Unauthorized access to camera functions, potential video feed interception, and device manipulation for surveillance or denial of service.

🟢

If Mitigated

Limited impact if cameras are isolated on separate VLANs with strict network segmentation and access controls.

🌐 Internet-Facing: MEDIUM - While the vulnerability requires network adjacency, many IoT cameras are exposed to internet via port forwarding or UPnP, increasing attack surface.

🏢 Internal Only: HIGH - Attackers on the same local network can exploit this without authentication to gain root access on cameras.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires network adjacency and knowledge of the device's MAC address. The ZDI advisory (ZDI-24-839) provides technical details but no public exploit code.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Wyze firmware updates via official app

Vendor Advisory: https://forums.wyze.com/t/security-advisory/289256

Restart Required: Yes

Instructions:

1. Open Wyze app 2. Go to device settings 3. Check for firmware updates 4. Apply any available updates 5. Camera will restart automatically

🔧 Temporary Workarounds

Network Segmentation

all

Isolate Wyze cameras on separate VLAN without internet access

MAC Address Filtering

all

Restrict network access to only allow authorized MAC addresses

🧯 If You Can't Patch

Disconnect cameras from network entirely
Place cameras behind firewall with strict inbound/outbound rules blocking all unnecessary traffic

🔍 How to Verify

Check if Vulnerable:

Check if Wyze Cam v3 is on network and has not received recent firmware updates. Review Wyze app for firmware version information.

Check Version:

Use Wyze mobile app: Device Settings > Device Info > Firmware Version

Verify Fix Applied:

Verify firmware version in Wyze app shows latest version. Test camera functionality remains operational after update.

📡 Detection & Monitoring

Log Indicators:

Unusual authentication attempts using MAC addresses
Unexpected device reboots or configuration changes
Suspicious network traffic to/from camera on unusual ports

Network Indicators:

Unusual outbound connections from camera
Traffic to run_action_batch endpoint from unauthorized sources
MAC address spoofing attempts

SIEM Query:

source_ip IN (camera_ips) AND (dest_port=80 OR dest_port=443) AND uri_path CONTAINS 'run_action_batch'

📊 Metadata

CVE ID: CVE-2024-6248

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-287

Published: November 22, 2024

Last Updated: August 8, 2025

🔗 References

https://forums.wyze.com/t/security-advisory/289256 Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-24-839/ Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-6248, you might also want to check these: