Wyze Hub Showing Suspicious Open Ports - TOR and Zeus-Admin - Possible Security Concern

Hey everyone,

I wanted to share something I discovered recently while doing a network security scan of my own home network using Nmap on Kali Linux.

When I scanned my Wyze Hub I found several open ports that have no business being on a simple camera:

Port 9050 - TOR Socks: TOR is used to route internet traffic anonymously and hide where data is being sent. There is absolutely no legitimate reason a camera hub needs this.

Port 9090 - Zeus-Admin: This port is associated with Zeus, a well-known banking trojan malware. This one especially concerns me.

Port 23 - Telnet: Old, outdated, and completely insecure remote access port.

Port 11111 - Unknown service: No explanation for this on a camera hub.

I contacted Wyze and was told my network was being improperly scanned. I disagree. These ports showed up consistently across multiple scans.

Given Wyze’s history of security vulnerabilities between 2022 and 2024 including the CVE-2024-37066 root access vulnerability, I think this deserves serious attention from the community.

Has anyone else seen these ports on their Wyze hub? I’d love to know if this is widespread.

Stay safe everyone.

I don’t have their hub, but keep in mind that port assignments are not “enforced”. Could have used those ports for some totally other purposes in the past and they just never got closed, or it legitimately uses them for local communications still.

If you’re not exposing the device to the internet, should not be an issue. You can even block those ports outbound on your internet connection and see if it has any negative impact.

Honestly, scanning for open ports on LAN devices can be very misleading, especially since something malicious could very easily be using a port for outbound communication that does not show as “open” when you do a scan.
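The point made in the reply above, that a port number alone does not say what is listening, can be checked by talking to each port instead of trusting the scanner's label. This is an added example, not part of the original posts: the labels are the ones quoted in the thread, the probes are a plain connect, a SOCKS5 greeting and an HTTP request, and the replies in the `__main__` block are constructed, not captured from a hub.

```python
import socket

# Labels as quoted in the post; a scanner derives them from the port number alone.
PORT_LABEL = {23: "telnet", 9050: "tor-socks", 9090: "zeus-admin", 11111: "unknown"}
SOCKS5_HELLO = b"\x05\x01\x00"          # version 5, one method offered: no-auth
HTTP_GET = b"GET / HTTP/1.0\r\n\r\n"

def exchange(host, port, payload=b"", timeout=2.0):
    """Connect, optionally send payload; None = refused/unreachable, b"" = silent."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                if payload:
                    s.sendall(payload)
                return s.recv(256)
            except OSError:             # timed out or reset after connecting
                return b""
    except OSError:
        return None

def classify(banner, socks_reply, http_reply):
    """Name the protocol from what the listener actually sent back."""
    if banner is None:
        return "closed"
    if banner[:1] == b"\xff":           # Telnet opens with IAC option negotiation
        return "telnet"
    if socks_reply and len(socks_reply) == 2 and socks_reply[0] == 5:
        return "socks5"                 # two-byte method-selection reply
    if http_reply and http_reply.startswith(b"HTTP/"):
        return "http"
    return "open, protocol not identified"

def probe(host, port, timeout=2.0):
    """Run the three exchanges against one port and classify the result."""
    banner = exchange(host, port, timeout=timeout)
    if banner is None:
        return "closed"
    return classify(banner,
                    exchange(host, port, SOCKS5_HELLO, timeout),
                    exchange(host, port, HTTP_GET, timeout))

if __name__ == "__main__":
    # Constructed replies for illustration; not captured from a real hub.
    samples = {23: (b"\xff\xfd\x18", b"", b""), 9050: (b"", b"", b""),
               9090: (b"", b"", b"HTTP/1.0 200 OK\r\n\r\n"), 11111: (b"", b"", b"")}
    for port, replies in samples.items():
        print(port, "label:", PORT_LABEL[port], "| observed:", classify(*replies))
```

Against a device you own, `probe(address, 9050)` returns `"socks5"` only if the listener really answers the SOCKS5 greeting; Nmap's `-sV` option performs the same kind of protocol-level check with a much larger probe set.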

Thank you for your response, I appreciate you taking the time.

You make a fair point that port assignments are not strictly enforced and that devices can use ports for purposes other than their labeled service. That is absolutely true and I want to be respectful of that.

However I have a few respectful counterpoints:

On unused ports never getting closed: That is actually the concern itself. Ports that are no longer needed should be closed. Leaving unnecessary ports open is a basic security failure regardless of what is running on them. That is Security 101.

On not being exposed to the internet: This device has direct ethernet access to my main router. If the device itself is compromised through Wyze’s own servers — which has happened before with CVE-2024-37066 — being on a LAN provides very little protection. We have already seen Wyze’s cloud infrastructure get breached multiple times.

On port scanning being misleading: You are correct that malicious outbound traffic can hide on any port. But that actually strengthens my concern rather than dismissing it. If open ports are misleading AND hidden outbound traffic is possible, that is an argument for MORE scrutiny of these devices, not less.

The bigger picture: Wyze has a documented history of serious security failures spanning years. Given that history, dismissing legitimate questions from users about suspicious port behavior does the community a disservice.

I am not claiming this is definitely malicious. I am saying it deserves a straight answer from Wyze directly.

But between calling customer service and filing a claim or dispute, it just falls on deaf ears. I have thousands of dollars invested in Wyze and failure after failure, and zero response from them. I started looking into this further when my wife’s cc information got taken from our home internet, and I have med-high level security implements in place to keep this sort of thing from happening. But after taking a deeper dive, it seems almost impossible for it to have been compromised any other way.

Thank you again for your response. But, I’d like to see what others are experiencing on their base stations and if a local scan yields similar/same results.

That’s why all my IOT stuff is on an isolated network. Especially considering most IOTs run generic SOCs with drivers and firmware that the “brand” of the IOT device doesn’t control.

See previous response.

The only secure camera system is a closed circuit one, and if you want remote access, a strong VPN for that purpose.

This just isn’t the sort of thing support will be able to help with (or really even understand). Some Wyze employees are in here from time to time, and the mavens and mods also forward stuff to them. Recently a really old DNS server that was hardcoded into one of the cam models was removed after it was concerning some users, so maybe they’ll be able to clean some of this stuff up. However you need to keep in mind those are old cams and not supported anymore, so it is unlikely they’d do any firmware updates.

Even if you scan a device and find no unexpected open ports, and sniff traffic and see nothing unusual coming from it, that doesn’t mean there is no potential. As you pointed out, Wyze (and just about every IOT company) has had security breaches. That’s why all my IOT stuff gets to play together in their own personal sandbox.

There are some people here that still have base stations so maybe someone can scan theirs, I suspect they’ll find the same thing as yours.