Honeywell CCTV Products
Summary
Honeywell CCTV products are affected by a vulnerability (CVE-2026-1670) due to missing authentication for critical functions. Successful exploitation could lead to account takeovers and unauthorized access to camera feeds by changing the recovery email address.
IFF Assessment
A critical vulnerability allows unauthorized access and control of CCTV systems, creating a significant risk for defenders.
Severity
Defender Context
This vulnerability allows attackers to change the password recovery email, enabling account takeovers and unauthorized access to camera feeds. Defenders should immediately patch affected Honeywell CCTV products and monitor for suspicious activity related to password recovery attempts. The widespread deployment of these cameras in commercial facilities makes them attractive targets.