[security] Cameras 2019 [official] [|3r4c|<3t5]

[Plasmatic]

Worth a shot Red.

 

[Plasmatic]

The V3's are nice, but it's looking like they're heading towards a subscription based model of business. If they had rtsp I'd buy 5 and replace all the cameras at my house. The sensor is really nice, amazing night vision in full color, with the option of infrared, and night filter.

Also, their new watch offers menstrual health monitoring.

I wonder if it will track my menstrual cycle.

 

[havax]

did you just assume your gender?

 

[Plasmatic]

boys can herstruate too.

 

[Brasstax]

I'll assume he's ginger

 

[clu]

my sister baught me security cams back in ~2018 that i didn't install until last year. does that count? they can see in the dark. p good for watching my cats run away from possum

 

[easilyodd]

Wyze Cam flaw lets hackers remotely access your saved videos

The bug, which has not been assigned a CVE ID, allowed remote users to access the contents of the SD card in the camera via a webserver listening on port 80 without requiring authentication.

It should be noted that the security updates have been made available only for Wyze Cam v2 and v3, released in February 2018 and October 2020, respectively, and not for Wyze Cam v1, released in August 2017.

The older model has reached the end of life in 2020, and since Wyze hadn’t fixed the issue until then, those devices will remain vulnerable to exploitation forever.

If you’re using an actively supported Wyze product, make sure to apply the available firmware updates, deactivate your IoTs when they’re not used, and set up a separate, isolated network exclusively for them.

 

[Plasmatic]

Thanks for the info, I'll have to see if the beta firmware I use for RTSP has been patched. I'd wager it hasn't..

#$%^#*

The authentication bypass flaw tracked as CVE-2019-9564 was addressed by the Wyze team via a security update on September 24, 2019.

The remote execution vulnerability, assigned CVE-2019-12266, was fixed via an app update on November 9, 2020, 21 months after its initial discovery.

The worst treatment of the bunch was reserved for the SD card issue, which was fixed only on January 29, 2022, when Wyze pushed a fixing firmware update.