CRITICALCVE-2026-1670Published Modified CNA icscert
CVE-2026-1670: Honeywell CCTV Products Missing Authentication for Critical Function
The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address.
Metrics
- CVSS v4.0
- 9.3
- Severity
- CRITICAL
- Fixed in
- —
- Affected Products
- 4
Affected packages
- Honeywell / I-HIB2PI-UL 2MP IP6.1.22.1216
- Honeywell / SMB NDAA MVO-3WDR_2MP_32M_PTZ_v2.0
- Honeywell / PTZ WDR 2MP 32MWDR_2MP_32M_PTZ_v2.0
- Honeywell / 25M IPCWDR_2MP_32M_PTZ_v2.0
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:NReferences