CISA urges Honeywell CCTV camera owners to patch critical vulnerability

Multiple Honeywell CCTV camera models are vulnerable to a critical security flaw that could allow unauthorized access to camera feeds and account takeovers, Tech Radar reports.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory detailing a "missing authentication for critical function" flaw, tracked as CVE-2026-1670, with a CVSS score of 9.8 out of 10. This vulnerability could enable unauthenticated attackers to view camera feeds and compromise accounts by changing recovery email addresses. Affected models include specific versions of I-HIB2PI-UL, SMB NDAA MVO-3, PTZ WDR, and 25M IPC cameras. While the flaw is not yet on CISA's Known Exploited Vulnerabilities (KEV) list, the potential for exploitation is high, especially given Honeywell's customer base, which includes critical infrastructure providers and government agencies.

The vulnerability highlights the ongoing risks associated with IoT devices, particularly in industrial and critical infrastructure sectors. CISA's advisory emphasizes the importance of prompt patching and recommends additional security measures such as network segmentation, firewall implementation, and secure VPN usage for remote access.

Source: Tech Radar