CVE-2024-54012
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk17th percentile - higher than 17% of all known CVEs
Summary
Penetration Testing engineers at Amazon discovered a vulnerability where the camera system failed to properly validate input, allowing specially crafted requests containing malicious commands to be executed on the device. The manufacturer has released patch firmware for the flaw.
Risk Assessment
An attacker can remotely execute arbitrary commands on the vulnerable device, potentially leading to full compromise of the camera and breach of privacy or system integrity.
Recommendation
Immediately update the camera firmware to the patched version as per the manufacturer's instructions. In the meantime, restrict device access to trusted networks only.
Original NVD description (English source)
Penetration Testing engineers at Amazon discovered a vulnerability where the camera system failed to properly validate input, allowing specially crafted requests containing malicious commands to be executed on the device. The manufacturer has released patch firmware for the flaw; please refer to the manufacturer's report for details and workarounds.

