{"id":215073,"date":"2026-02-18T15:58:00","date_gmt":"2026-02-18T20:58:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/02\/18\/critical-infra-honeywell-cctvs-vulnerable-to-auth-bypass-flaw\/"},"modified":"2026-02-18T19:20:13","modified_gmt":"2026-02-19T00:20:13","slug":"critical-infra-honeywell-cctvs-vulnerable-to-auth-bypass-flaw","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/02\/18\/critical-infra-honeywell-cctvs-vulnerable-to-auth-bypass-flaw\/","title":{"rendered":"Critical infra Honeywell CCTVs vulnerable to auth bypass flaw"},"content":{"rendered":"<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/critical-infra-honeywell-cctvs-vulnerable-to-auth-bypass-flaw\/\">Critical infra Honeywell CCTVs vulnerable to auth bypass flaw<\/a><\/p>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/critical-infra-honeywell-cctvs-vulnerable-to-auth-bypass-flaw\/\">https:\/\/www.bleepingcomputer.com\/news\/security\/critical-infra-honeywell-cctvs-vulnerable-to-auth-bypass-flaw\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-02-18 15:58:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.bleepingcomputer.com\">www.bleepingcomputer.com<\/a><\/p>\n<p style=\"text-align:center\">\n<p>The U.S. 
Cybersecurity and Infrastructure Security Agency (CISA) is warning of a critical vulnerability in multiple Honeywell CCTV products that allows unauthorized access to feeds or account hijacking.<\/p>\n<p>Discovered by researcher Souvik Kanda and tracked as CVE-2026-1670, the security issue is classified as \u201cmissing authentication for critical function,\u201d and received a critical severity score of 9.8.<\/p>\n<p>The flaw allows an unauthenticated attacker to change the recovery email address associated with a device account, enabling account takeover and unauthorized access to camera feeds.<\/p>\n<p>\u201cThe affected product is vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the &#8220;forgot password&#8221; recovery email address,\u201d CISA says.<\/p>\n<p>According to the security advisory, CVE-2026-1670 impacts the following models:<\/p>\n<ul>\n<li>I-HIB2PI-UL 2MP IP 6.1.22.1216<\/li>\n<li>SMB NDAA MVO-3 WDR_2MP_32M_PTZ_v2.0<\/li>\n<li>PTZ WDR 2MP 32M WDR_2MP_32M_PTZ_v2.0<\/li>\n<li>25M IPC WDR_2MP_32M_PTZ_v2.0<\/li>\n<\/ul>\n<p>Honeywell is a major global supplier of security and video surveillance equipment with a broad range of CCTV camera models\u00a0and related products deployed in commercial, industrial, and critical infrastructure settings worldwide.<\/p>\n<p>The company offers many NDAA-compliant cameras that are suitable for deployment in U.S. 
government agencies and federal contractors.<\/p>\n<p>The specific model families named in CISA\u2019s advisory are mid-level video surveillance products used in small to medium business environments, offices, and warehouses, some of which may be part of critical facilities.<\/p>\n<p>CISA stated that as of February 17th there were no known reports of public exploitation specifically targeting this vulnerability.<\/p>\n<p>Nonetheless, the agency recommends minimizing network exposure of control system devices, isolating them behind firewalls, and using secure remote access methods such as updated VPN solutions when remote connectivity is necessary.<\/p>\n<p>Honeywell has not&#8230;<\/p>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/critical-infra-honeywell-cctvs-vulnerable-to-auth-bypass-flaw\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Critical infra Honeywell CCTVs vulnerable to auth bypass flaw https:\/\/www.bleepingcomputer.com\/news\/security\/critical-infra-honeywell-cctvs-vulnerable-to-auth-bypass-flaw\/ Publish Date: 2026-02-18 15:58:00 
Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":215074,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.bleepstatic.com\/content\/hl-images\/2026\/02\/18\/0_Honeywell.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,24,27],"class_list":["post-215073","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/215073"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=215073"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/215073\/revisions"}],"predecessor-version":[{"id":215075,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/215073\/revisions\/215075"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/215074"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=215073"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=215073"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=215073"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}