You’re best just getting rid of the unit and spending $35 to trade up to the Wyze Cam version 2 or Wyze Cam v3, on both of which these flaws have been fixed. Or you could check out our list of the best home security cameras for even more options. “While versions 2 and 3 have been patched against these vulnerabilities, version 1 has been discontinued and is no longer receiving security fixes,” warned security firm Bitdefender (opens in new tab) in a blog post today (March 29). “Customers who keep using Wyze Cam version 1 are no longer protected and risk having their devices exploited.”

What’s the difference between Wyze Cam v1 and v2?

The only problem is that the Wyze Cam v1, which debuted in 2017, and the Wyze Cam v2, which was released a year later, may look exactly the same. (There’s also a black model of v2.)  We reached out to Wyze’s customer-support chat line and were informed that you can find the device info on the bottom of each camera — v2 units will say “v2” while v1 units won’t. In any case, Wyze ended support for v1 (opens in new tab) back on Feb 1. That’s ironic, because a Bitdefender white paper (opens in new tab) details how it first informed Wyze of these three security flaws back in March 2019, three years ago. Bitdefender says that Wyze fixed or mitigated some of the flaws over the next year and a half without acknowledging Bitdefender’s original messages. Wyze finally replied to Bitdefender in November 2020, according to the security firm’s report, and the two then worked together to verify further fixes. 

Remote takeover

Flaw no. 1, catalogued as CVE-2019-9564, lets you take control of a Wyze cam over the internet without a password. Using this flaw, you “can fully control the device, including motion control (pan/tilt), disabling recording to [the SD card], turning camera on/off,” noted Bitdefender, although you couldn’t view the live feed. This has been fixed on Wyze Cams v2 and v3, but not on Wyze Cam v1. Flaw no. 2, catalogued as CVE-2019-12266, does let you view the live feed. It involves swamping the Wyze’s camera’s internal memory with too much data, letting a remote attacker take total control of the device. It’s not completely clear whether this has been fixed on Wyze Cam v1, but it has been on v2 and v3. Flaw no. 3 is uncatalogued but lets a remote attacker access the contents of the SD card inserted into the camera without any password. This has been mitigated on Wyze Cam v1, but fully fixed only on Wyze Cams v2 and v3.

Wyze patches serious flaws on its security cameras  but not its oldest one   what you need to know - 20Wyze patches serious flaws on its security cameras  but not its oldest one   what you need to know - 25Wyze patches serious flaws on its security cameras  but not its oldest one   what you need to know - 62Wyze patches serious flaws on its security cameras  but not its oldest one   what you need to know - 56Wyze patches serious flaws on its security cameras  but not its oldest one   what you need to know - 14Wyze patches serious flaws on its security cameras  but not its oldest one   what you need to know - 7Wyze patches serious flaws on its security cameras  but not its oldest one   what you need to know - 37


title: “Wyze Patches Serious Flaws On Its Security Cameras But Not Its Oldest One What You Need To Know” ShowToc: true date: “2022-11-04” author: “Carol Edrington”


You’re best just getting rid of the unit and spending $35 to trade up to the Wyze Cam version 2 or Wyze Cam v3, on both of which these flaws have been fixed. Or you could check out our list of the best home security cameras for even more options. “While versions 2 and 3 have been patched against these vulnerabilities, version 1 has been discontinued and is no longer receiving security fixes,” warned security firm Bitdefender (opens in new tab) in a blog post today (March 29). “Customers who keep using Wyze Cam version 1 are no longer protected and risk having their devices exploited.”

What’s the difference between Wyze Cam v1 and v2?

The only problem is that the Wyze Cam v1, which debuted in 2017, and the Wyze Cam v2, which was released a year later, may look exactly the same. (There’s also a black model of v2.)  We reached out to Wyze’s customer-support chat line and were informed that you can find the device info on the bottom of each camera — v2 units will say “v2” while v1 units won’t. In any case, Wyze ended support for v1 (opens in new tab) back on Feb 1. That’s ironic, because a Bitdefender white paper (opens in new tab) details how it first informed Wyze of these three security flaws back in March 2019, three years ago. Bitdefender says that Wyze fixed or mitigated some of the flaws over the next year and a half without acknowledging Bitdefender’s original messages. Wyze finally replied to Bitdefender in November 2020, according to the security firm’s report, and the two then worked together to verify further fixes. 

Remote takeover

Flaw no. 1, catalogued as CVE-2019-9564, lets you take control of a Wyze cam over the internet without a password. Using this flaw, you “can fully control the device, including motion control (pan/tilt), disabling recording to [the SD card], turning camera on/off,” noted Bitdefender, although you couldn’t view the live feed. This has been fixed on Wyze Cams v2 and v3, but not on Wyze Cam v1. Flaw no. 2, catalogued as CVE-2019-12266, does let you view the live feed. It involves swamping the Wyze’s camera’s internal memory with too much data, letting a remote attacker take total control of the device. It’s not completely clear whether this has been fixed on Wyze Cam v1, but it has been on v2 and v3. Flaw no. 3 is uncatalogued but lets a remote attacker access the contents of the SD card inserted into the camera without any password. This has been mitigated on Wyze Cam v1, but fully fixed only on Wyze Cams v2 and v3.

Wyze patches serious flaws on its security cameras  but not its oldest one   what you need to know - 14Wyze patches serious flaws on its security cameras  but not its oldest one   what you need to know - 15Wyze patches serious flaws on its security cameras  but not its oldest one   what you need to know - 96Wyze patches serious flaws on its security cameras  but not its oldest one   what you need to know - 98Wyze patches serious flaws on its security cameras  but not its oldest one   what you need to know - 4Wyze patches serious flaws on its security cameras  but not its oldest one   what you need to know - 42Wyze patches serious flaws on its security cameras  but not its oldest one   what you need to know - 30