Intelligence
criticalVulnerabilityEmerging

Honeywell CCTV Products Vulnerability Allows Account Takeover

Honeywell CCTV products have a critical vulnerability (CVE-2026-1670) that allows unauthenticated attackers to change recovery email addresses, leading to account takeovers and unauthorized access to camera feeds.

S
Sebastion

CVE References

CVE-2026-1670

Affected

I-HIB2PI-UL 2MP IP 6.1.22.1216SMB NDAA MVO-3 WDR_2MP_32M_PTZ_v2.0PTZ WDR 2MP 32M WDR_2MP_32M_PTZ_v2.025M IPC WDR_2MP_32M_PTZ_v2.0

The vulnerability in Honeywell's CCTV products (CVE-2026-1670) is critical as it allows unauthenticated attackers to manipulate recovery email addresses, enabling unauthorized access and potential network compromise. This issue affects multiple product versions, highlighting a significant flaw in their authentication mechanisms. Attackers could exploit this to gain control over camera feeds, posing serious risks to security systems relying on these devices. Immediate action is required by users to update affected products and monitor for any异常activity. The broader implication underscores the importance of securing IoT devices against unauthenticated attacks, especially those with network access capabilities.

Sources

honeywellcctvcve-2026-1670iotnetwork-access
Back to intelligence