Security-advisory

Wyze Cam v4:

4.52.7.0367 - release: 07/11/2024

• Fixed command injection

Wyze Cam v3:

4.36.11.7095 - release: 10/25/2023

• Fixed authentication bypass

• Fixed stack buffer overflow in IOCTL

4.36.11.8391 - release : 1/18/2024

• Fixed Wi-Fi SSID command injection

• Fixed leaking Authkey

• Fixed stack buffer overflow memcpy

• Fixed stack buffer overflow in command handler

• Fixed buffer overflow in RealTek driver

• Fixed Realtek 802.11 header fragmentation security issue

• Fixed stack buffer overflow in JSON unpacking

Wyze Cam Pan v2:

4.49.11.7095 - release: 10/31/2023

• Fixed authentication bypass

• Fixed stack buffer overflow in IOCTL

4.49.11.8391 - release: 1/22/2024

• Fixed Wi-Fi SSID command injection

• Fixed leaking Authkey

• Fixed stack buffer overflow memcpy

• Fixed stack buffer overflow in command handler

• Fixed buffer overflow in RealTek driver

• Fixed Realtek 802.11 header fragmentation security issue

• Fixed stack buffer overflow in JSON unpacking

Wyze Cam v3 Pro:

4.58.11.7357 - release: 11/08/2023

• Fixed authentication bypass

• Fixed stack buffer overflow in IOCTL

4.58.11.8391 - release: 1/22/2024

• Fixed Wi-Fi SSID command injection

• Fixed leaking Authkey

• Fixed stack buffer overflow memcpy

• Fixed stack buffer overflow in command handler

• Fixed buffer overflow in RealTek driver

• Fixed Realtek 802.11 header fragmentation security issue

• Fixed stack buffer overflow in JSON unpacking

Wyze Cam v2:

4.9.9.2847 - 100% public release: 11/06/2023

• Fixed authentication bypass

• Fixed stack buffer overflow in IOCTL

4.9.9.3006 - release : 1/23/2024

• Fixed Wi-Fi SSID command injection

• Fixed leaking Authkey

• Fixed stack buffer overflow memcpy

• Fixed stack buffer overflow in command handler

• Fixed buffer overflow in RealTek driver

• Fixed Realtek 802.11 header fragmentation security issue

• Fixed stack buffer overflow in JSON unpacking

Wyze Cam Pan v1:

4.10.9.2847 - release: 11/06/2023

• Fixed authentication bypass

• Fixed stack buffer overflow in IOCTL

4.10.9.3006 - release : 1/23/2024

• Fixed Wi-Fi SSID command injection

• Fixed leaking Authkey

• Fixed stack buffer overflow memcpy

• Fixed stack buffer overflow in command handler

• Fixed buffer overflow in RealTek driver

• Fixed Realtek 802.11 header fragmentation security issue

• Fixed stack buffer overflow in JSON unpacking

Wyze Cam Pan v3:

4.50.4.7252 - release: 11/02/2023

• Fixed authentication bypass

• Fixed stack buffer overflow in IOCTL

4.50.4.8409 - release: 1/23/2024

• Fixed Wi-Fi SSID command injection

• Fixed leaking Authkey

• Fixed stack buffer overflow memcpy

• Fixed stack buffer overflow in command handler

• Fixed stack buffer overflow in JSON unpacking

Wyze Cam Outdoor Base Station:

4.16.4.512 - release: 11/06/2023

• Fixed authentication bypass

4.16.4.523 - release: 1/24/2024

• Fixed leaking Authkey

• Fixed stack buffer overflow memcpy

• Fixed stack buffer overflow in command handler

Wyze Cam Outdoor v1:

4.17.4.427 - release: 11/06/2023

• Fixed stack buffer overflow in IOCTL

Wyze Cam Outdoor v2:

4.48.4.427 - release: 11/06/2023

• Fixed stack buffer overflow in IOCTL

Wyze Video Doorbell v1:

4.25.1.316 - release: 11/02/2023

• Fixed authentication bypass

• Fixed stack buffer overflow in IOCTL

4.25.1.333 - release: 1/24/2024

• Fixed leaking Authkey

• Fixed stack buffer overflow memcpy

• Fixed stack buffer overflow in command handler

• Fixed buffer overflow in RealTek driver

• Fixed Realtek 802.11 header fragmentation security issue

Wyze Video Doorbell v2:

4.51.1.7518 - release: 11/06/2023

• Fixed authentication bypass

• Fixed stack buffer overflow in ioctl

4.51.1.8444 - release: 1/24/2024

• Fixed Wi-Fi SSID command injection

• Fixed leaking Authkey

• Fixed stack buffer overflow memcpy

• Fixed stack buffer overflow in command handler

• Fixed stack buffer overflow in JSON unpacking

Wyze Floodlight v2:

4.53.2.8430 - release : 1/23/2024

• Fixed leaking Authkey

• Fixed stack buffer overflow memcpy

• Fixed stack buffer overflow in command handler

• Fixed stack buffer overflow in JSON unpacking

WOW! I honestly never expected this much transparency on which security improvements were made in the firmware! I like that you waited a while to post it all so that most people will have had the time to update to the new firmware first, and then revealed how busy you’ve been making improvements since way back in November. Sounds like Wyze has made a lot of active effort in looking for more and more things to improve security constantly as promised. I just never expected you’d be transparent about so many of the things you’ve been working on that weren’t public yet. This is great!

Wow, that’s a lot of fixes, and it’s cool to see how much work is being done on these issues.

It also goes to show how important it is to keep your devices up to date.

Thanks for this list, and thanks for not releasing it till we got updated!

I noticed the Video Doorbell Pro has not gotten an update in a while 1.0.73 3/1/2023.
Hopefully it is OK!

The is amazing. Thanks for the information and transparency.

You all have been busy.

I don’t know what most of this means but judging by all the acronyms it’s serious!

Great for the WCO updates in November that were security updates… however bring back “no cooldown” for cam plus please lol