By rssfeeds-admin 
Tracked as CVE-2026-1670, this flaw carries a CVSS score of 9.8, marking it as one of the most severe issues in industrial control systems this year.
Security researcher Souvik Kandar discovered the problem, prompting CISA to publish advisory ICSA-26-048-04 on February 17, 2026.
While no active exploitation has surfaced publicly, the vulnerability’s simplicity missing authentication for critical functions, makes it a prime target for attackers scanning internet-exposed devices.
At its core, CVE-2026-1670 allows unauthenticated remote attackers to alter recovery email addresses tied to camera accounts.
This bypasses standard login protections, handing full control to malicious actors. Compromised accounts grant live access to camera feeds, the ability to tweak security configurations, and a potential launchpad for lateral movement into broader networks.
Honeywell’s affected models include the I-HIB2PI-UL 2MP IP camera running firmware 6.1.22.1216, as well as SMB NDAA MVO-3, PTZ WDR 2MP 32M, and 25M IPC variants on firmware WDR_2MP_32M_PTZ_v2.0.
These cameras power surveillance in commercial facilities worldwide, amplifying the risk to sectors like retail, manufacturing, and critical infrastructure.
| CVE ID | CVSS Score | Description |
|---|---|---|
| CVE-2026-1670 | 9.8 (Critical) | Missing Authentication for Critical Function |
Mitigation Strategies and Broader Implications
CISA urges immediate action to curb exposure. Organizations should segment camera networks, isolating them from internet-facing and internal business systems using firewalls.
Remote management demands VPN enforcement to block direct exposure. Beyond basics, conduct vulnerability impact assessments, layer defenses with intrusion detection, and monitor logs for oddities like unauthorized email changes or feed accesses.
Honeywell has not yet detailed patches, so affected users must prioritize these workarounds while awaiting firmware updates.
This incident underscores persistent IoT security gaps in surveillance gear, where convenience often trumps robust authentication.
Attackers could leverage taken-over cameras for espionage, ransomware staging, or as pivots in supply chain assaults, echoing recent trends in connected device exploits.
Facilities managers in high-stakes environments face elevated urgency, as widespread deployments mean a single flaw ripples globally.
CISA’s advisory stresses proactive hunting for the vulnerability via network scans and firmware verification.
For full details, review the official CISA advisory. Staying vigilant remains key in an era of silent spies lurking in plain sight.
Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google
The post CISA Warns Honeywell CCTV Vulnerability Enables Account Takeovers appeared first on Cyber Security News.
Discover more from RSS Feeds Cloud
Subscribe to get the latest posts sent to your email.