The U.S. Cybersecurity and Infrastructure Safety Company (CISA) is warning of a essential vulnerability in a number of Honeywell CCTV merchandise that permits unauthorized entry to feeds or account hijacking.
Found by researcher Souvik Kanda and tracked as CVE-2026-1670, the security subject is classed as “lacking authentication for essential operate,” and obtained a crtical severity rating of 9.8.
The flaw permits an unauthenticated attacker to vary the restoration electronic mail handle related to a tool account, enabling account takeover and unauthorized entry to digicam feeds.
“The affected product is susceptible to an unauthenticated API endpoint publicity, which can enable an attacker to remotely change the “forgot password” restoration electronic mail handle,” CISA says.
In response to the security advisory, CVE-2026-1670 impacts the next fashions:
- I-HIB2PI-UL 2MP IP 6.1.22.1216
- SMB NDAA MVO-3 WDR_2MP_32M_PTZ_v2.0
- PTZ WDR 2MP 32M WDR_2MP_32M_PTZ_v2.0
- 25M IPC WDR_2MP_32M_PTZ_v2.0
Honeywell is a serious international provider of security and video surveillance tools with a broad vary of CCTV digicam fashions and associated merchandise deployed in industrial, industrial, and significant infrastructure settings worldwide.
The corporate provides many NDAA-compliant cameras which are appropriate for deployment in U.S. authorities companies and federal contractors.
The particular mannequin households named in CISA’s advisory are mid-level video surveillance merchandise utilized in small to medium enterprise environments, places of work, and warehouses, a few of which can be a part of essential services.
CISA said that as of February seventeenth there have been no identified studies of public exploitation particularly focusing on this vulnerability.
Nonetheless, the company recommends minimizing community publicity of management system units, isolating them behind firewalls, and utilizing safe distant entry strategies resembling up to date VPN options when distant connectivity is important.
Honeywell has not printed an advisory on CVE-2026-1670, however customers are suggested to contact the corporate’s assist workforce for patch steering.
Trendy IT infrastructure strikes quicker than guide workflows can deal with.
On this new Tines information, find out how your workforce can cut back hidden guide delays, enhance reliability by automated response, and construct and scale clever workflows on prime of instruments you already use.
