CVE Catalog

CVE-2024-54012

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.26%

17th percentile - higher than 17% of all known CVEs

Summary

Penetration Testing engineers at Amazon discovered a vulnerability where the camera system failed to properly validate input, allowing specially crafted requests containing malicious commands to be executed on the device. The manufacturer has released patch firmware for the flaw.

Risk Assessment

An attacker can remotely execute arbitrary commands on the vulnerable device, potentially leading to full compromise of the camera and breach of privacy or system integrity.

Recommendation

Immediately update the camera firmware to the patched version as per the manufacturer's instructions. In the meantime, restrict device access to trusted networks only.

Original NVD description (English source)

Penetration Testing engineers at Amazon discovered a vulnerability where the camera system failed to properly validate input, allowing specially crafted requests containing malicious commands to be executed on the device. The manufacturer has released patch firmware for the flaw; please refer to the manufacturer's report for details and workarounds.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS