The U.S. Cybersecurity and Infrastructure Safety Company (CISA) is warning of a vital vulnerability in a number of Honeywell CCTV merchandise that enables unauthorized entry to feeds or account hijacking.
Found by researcher Souvik Kanda and tracked as CVE-2026-1670, the safety challenge is classed as “lacking authentication for vital operate,” and obtained a crtical severity rating of 9.8.
The flaw permits an unauthenticated attacker to vary the restoration e mail deal with related to a tool account, enabling account takeover and unauthorized entry to digital camera feeds.
“The affected product is weak to an unauthenticated API endpoint publicity, which can permit an attacker to remotely change the “forgot password” restoration e mail deal with,” CISA says.
Based on the safety advisory, CVE-2026-1670 impacts the next fashions:
- I-HIB2PI-UL 2MP IP 6.1.22.1216
- SMB NDAA MVO-3 WDR_2MP_32M_PTZ_v2.0
- PTZ WDR 2MP 32M WDR_2MP_32M_PTZ_v2.0
- 25M IPC WDR_2MP_32M_PTZ_v2.0
Honeywell is a significant world provider of safety and video surveillance gear with a broad vary of CCTV digital camera fashions and associated merchandise deployed in industrial, industrial, and demanding infrastructure settings worldwide.
The corporate gives many NDAA-compliant cameras which can be appropriate for deployment in U.S. authorities businesses and federal contractors.
The particular mannequin households named in CISA’s advisory are mid-level video surveillance merchandise utilized in small to medium enterprise environments, workplaces, and warehouses, a few of which can be a part of vital amenities.
CISA acknowledged that as of February seventeenth there have been no identified stories of public exploitation particularly concentrating on this vulnerability.
Nonetheless, the company recommends minimizing community publicity of management system gadgets, isolating them behind firewalls, and utilizing safe distant entry strategies akin to up to date VPN options when distant connectivity is critical.
Honeywell has not revealed an advisory on CVE-2026-1670, however customers are suggested to contact the corporate’s assist workforce for patch steerage.
Trendy IT infrastructure strikes quicker than handbook workflows can deal with.
On this new Tines information, learn the way your workforce can cut back hidden handbook delays, enhance reliability via automated response, and construct and scale clever workflows on high of instruments you already use.
