wyze CVE Vulnerabilities & Metrics

Focus on wyze vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About wyze Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with wyze. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total wyze CVEs: 5
Earliest CVE date: 30 Mar 2022, 20:15 UTC
Latest CVE date: 15 May 2024, 13:15 UTC

Latest CVE reference: CVE-2023-6324

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 3

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical wyze CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 3.5

Max CVSS: 10.0

Critical CVEs (≥9): 1

CVSS Range vs. Count

Range	Count
0.0-3.9	3
4.0-6.9	0
7.0-8.9	1
9.0-10.0	1

CVSS Distribution Chart

Top 5 Highest CVSS wyze CVEs

These are the five CVEs with the highest CVSS scores for wyze, sorted by severity first and recency.

CVE-2019-12266 wyze Published on 30 Mar 2022, 20:15 UTC (CVSS: 10.0)
Stack-based Buffer Overflow vulnerability in Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to run arbitrary code on the affected device. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze Cam v3 versions prior to 4.36.8.32.
CVE-2019-9564 wyze Published on 30 Mar 2022, 20:15 UTC (CVSS: 7.5)
A vulnerability in the authentication logic of Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to bypass login and control the devices. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze Cam v3 versions prior to 4.36.8.32.
CVE-2023-6324 wyze Published on 15 May 2024, 13:15 UTC (CVSS: 0)
ThroughTek Kalay SDK uses a predictable PSK value in the DTLS session when encountering an unexpected PSK identity
CVE-2023-6323 wyze Published on 15 May 2024, 13:15 UTC (CVSS: 0)
ThroughTek Kalay SDK does not verify the authenticity of received messages, allowing an attacker to impersonate an authoritative server.
CVE-2023-6322 wyze Published on 15 May 2024, 13:15 UTC (CVSS: 0)
A stack-based buffer overflow vulnerability exists in the message parsing functionality of the Roku Indoor Camera SE version 3.0.2.4679 and Wyze Cam v3 version 4.36.11.5859. A specially crafted message can lead to stack-based buffer overflow. An attacker can make authenticated requests to trigger this vulnerability.

All CVEs for wyze

CVE-2023-6324 wyze vulnerability CVSS: 0 15 May 2024, 13:15 UTC

ThroughTek Kalay SDK uses a predictable PSK value in the DTLS session when encountering an unexpected PSK identity

CVE-2023-6323 wyze vulnerability CVSS: 0 15 May 2024, 13:15 UTC

ThroughTek Kalay SDK does not verify the authenticity of received messages, allowing an attacker to impersonate an authoritative server.

CVE-2023-6322 wyze vulnerability CVSS: 0 15 May 2024, 13:15 UTC

A stack-based buffer overflow vulnerability exists in the message parsing functionality of the Roku Indoor Camera SE version 3.0.2.4679 and Wyze Cam v3 version 4.36.11.5859. A specially crafted message can lead to stack-based buffer overflow. An attacker can make authenticated requests to trigger this vulnerability.

CVE-2019-9564 wyze vulnerability CVSS: 7.5 30 Mar 2022, 20:15 UTC

A vulnerability in the authentication logic of Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to bypass login and control the devices. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze Cam v3 versions prior to 4.36.8.32.

CVE-2019-12266 wyze vulnerability CVSS: 10.0 30 Mar 2022, 20:15 UTC

Stack-based Buffer Overflow vulnerability in Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to run arbitrary code on the affected device. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze Cam v3 versions prior to 4.36.8.32.