By rssfeeds-admin 
The alert details a high-severity security flaw that could allow malicious actors to completely hijack user accounts and gain unauthorized access to sensitive camera feeds.
The vulnerability has been assigned a CVSS v3 score of 9.8, categorizing it as critical. The specific vulnerability, CVE-2026-1670, is a missing authentication issue affecting a critical function.
The flaw allows an unauthenticated attacker to modify the password recovery email address associated with the device without requiring prior login credentials.
| CVE ID | CVSS Score | Description |
|---|---|---|
| CVE-2026-1670 | 9.8 | Missing Authentication for Critical Function allowing unauthenticated recovery email changes. |
Once the recovery email has been changed to an address controlled by the attacker, they can initiate a password reset to take over the administrative account.
This level of access not only compromises the video feeds but could also serve as a pivot point for further network compromise within the facility. The issue affects multiple versions of Honeywell’s IP and PTZ camera lines.
| Product Name | Affected Version |
|---|---|
| I-HIB2PI-UL 2MP IP | 6.1.22.1216 |
| SMB NDAA MVO-3 | WDR_2MP_32M_PTZ_v2.0 |
| PTZ WDR 2MP 32M | WDR_2MP_32M_PTZ_v2.0 |
| 25M IPC | WDR_2MP_32M_PTZ_v2.0 |
Security researcher Souvik Kandar has been credited with discovering and reporting this vulnerability to CISA. The affected equipment is deployed worldwide, primarily within the commercial facilities sector.
CISA has not reported any known public exploitation of this vulnerability at the time of publication. However, immediate action is recommended due to the ease of exploitation.
Administrators are advised to minimize network exposure for all control system devices, ensuring they are never directly accessible from the open Internet.
Control system networks should be located behind firewalls and isolated from business networks to prevent lateral movement.
For organizations requiring remote access, CISA suggests using secure methods such as Virtual Private Networks (VPNs), while ensuring the VPN devices themselves are updated to the latest versions.
Users are also encouraged to implement social engineering defenses, as attackers often use phishing to gain initial entry before exploiting internal vulnerabilities.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post CISA Warns of Honeywell CCTV Products Vulnerability Leads to Account Takeovers appeared first on Cyber Security News.
Discover more from RSS Feeds Cloud
Subscribe to get the latest posts sent to your email.