securityaffairs.com 2/19/2026, 1:01:07 PM · via preferred

CISA alerts to critical auth bypass CVE-2026-1670 in Honeywell CCTVs

CyberSIXT Evidence Panel
Primary Source: cisa.gov
CISA KEV: Not in KEV
Patch: Patch Status Unknown

According to CISA, Honeywell CCTVs are affected by a critical authentication bypass flaw, CVE-2026-1670, with a CVSS score of 9.8, which could allow an unauthenticated attacker to change the recovery email and take over accounts or access live camera feeds. The vulnerability lies in an unauthenticated API endpoint for password recovery, which enables account takeover and unauthorized access to surveillance streams.

The alert notes that successful exploitation could lead to further network compromise, with attackers able to move laterally within affected environments. The flaw was discovered by cybersecurity researcher Souvik Kandar and impacts several Honeywell CCTV models, including I-HIB2PI-UL 2MP IP 6.1.22.1216, SMB NDAA MVO-3 WDR_2MP_32M_PT/Z_v2.0, PTZ WDR 2MP 32M WDR_2MP_32M_PTZ_v2.0, and 25M IPC WDR_2MP_32M_PTZ_v2.0.

CISA recommends isolating control-system devices from the Internet, using firewalls, and employing updated VPNs for remote access, along with risk assessments and ICS security best practices, noting that no active exploitation has been reported.


Article by CyberSIXT