Lenovo Webcams Vulnerable to Remote BadUSB Exploitation
Summary
Lenovo webcams running Linux are vulnerable to BadUSB attacks, allowing remote attackers to inject keystrokes and execute malicious commands. The vulnerabilities, codenamed BadCam (CVE-2025-4371), affect select models and can be exploited to compromise systems and maintain persistence. Lenovo has released firmware updates to mitigate the issue. The flaw enables attackers to weaponize webcams already connected to a computer, turning them into BadUSB devices. This marks a significant escalation in BadUSB attacks, as it does not require physical access to the device. The vulnerabilities were disclosed by Eclypsium researchers at DEF CON 33 and involve the lack of firmware validation in affected webcams.
Timeline
- 09.08.2025 22:00 (1 article)
BadCam Vulnerabilities in Lenovo Webcams Disclosed
Lenovo webcams running Linux are vulnerable to BadUSB attacks, allowing remote attackers to inject keystrokes and execute malicious commands. The vulnerabilities, codenamed BadCam (CVE-2025-4371), affect select models. The flaw enables attackers to weaponize webcams already connected to a computer, turning them into BadUSB devices. This marks a significant escalation in BadUSB attacks, as it does not require physical access to the device. The vulnerabilities were disclosed by Eclypsium researchers at DEF CON 33 and involve the lack of firmware validation in affected webcams.
Sources:
- Linux-Based Lenovo Webcams’ Flaw Can Be Remotely Exploited for BadUSB Attacks — thehackernews.com — 09.08.2025 22:00
Information Snippets
- The vulnerabilities affect Lenovo 510 FHD and Lenovo Performance FHD webcams.
  First reported: 09.08.2025 22:00 (1 source, 1 article)
- BadUSB attacks exploit USB firmware to execute commands or run malicious programs.
  First reported: 09.08.2025 22:00 (1 source, 1 article)
- The affected webcams run Linux with USB Gadget support, making them susceptible to BadUSB-style attacks.
  First reported: 09.08.2025 22:00 (1 source, 1 article)
- Attackers can remotely reflash the firmware of the webcam to inject keystrokes or deliver malicious payloads.
  First reported: 09.08.2025 22:00 (1 source, 1 article)
- The vulnerabilities allow for persistence, enabling re-infection even after the operating system is reinstalled.
  First reported: 09.08.2025 22:00 (1 source, 1 article)
- Lenovo has released firmware updates (version 4.8.0) to address the vulnerabilities.
  First reported: 09.08.2025 22:00 (1 source, 1 article)
- The discovery highlights the risk of trusting peripherals that can run their own operating systems and accept remote instructions.
  First reported: 09.08.2025 22:00 (1 source, 1 article)
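
A host-side check for the behaviour described in the snippets above, a webcam that starts presenting itself as a keystroke-injecting device, written as an added example that is not part of the original article or of Lenovo's or Eclypsium's tooling. It assumes a Linux host with the standard sysfs USB layout; the function names are hypothetical and the sample tree uses constructed vendor/product IDs. A camera may legitimately expose an HID interface for its buttons, so a hit is a lead to review (more so when `boot_keyboard` is true), not a verdict.

```python
import os

VIDEO, HID = 0x0E, 0x03        # USB-IF interface class codes (Video, HID)
BOOT_KEYBOARD = (0x01, 0x01)   # HID boot subclass, keyboard protocol
FIELDS = ("bInterfaceClass", "bInterfaceSubClass", "bInterfaceProtocol")

def _read(path):
    try:
        with open(path) as f:
            return f.read().strip()
    except OSError:
        return ""

def scan(root="/sys/bus/usb/devices"):
    """Return one finding per USB device exposing Video and HID interfaces together."""
    per_device = {}
    for name in sorted(os.listdir(root)):
        if ":" not in name:            # interface dirs are named like "1-2:1.0"
            continue
        try:
            triple = tuple(int(_read(os.path.join(root, name, f)), 16) for f in FIELDS)
        except ValueError:
            continue                   # descriptor unreadable, skip this interface
        per_device.setdefault(name.split(":")[0], []).append(triple)
    findings = []
    for dev, triples in per_device.items():
        classes = {t[0] for t in triples}
        if VIDEO in classes and HID in classes:
            vid_pid = ":".join(_read(os.path.join(root, dev, f)) for f in ("idVendor", "idProduct"))
            findings.append({"device": dev, "vid_pid": vid_pid,
                             "boot_keyboard": any(t[0] == HID and t[1:] == BOOT_KEYBOARD for t in triples)})
    return findings

def _write(path, val):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as f:
        f.write(val + "\n")

def build_sample_tree(root):
    """Constructed sysfs-like tree: a plain camera, and a camera that also enumerates a keyboard."""
    sample = {"1-1": ["0e 01 00", "0e 02 00"],
              "1-2": ["0e 01 00", "0e 02 00", "03 01 01"]}
    for dev, ifaces in sample.items():
        _write(os.path.join(root, dev, "idVendor"), "0000")       # constructed ID
        _write(os.path.join(root, dev, "idProduct"), dev[-1] * 4)  # constructed ID
        for i, iface in enumerate(ifaces):
            for fname, val in zip(FIELDS, iface.split()):
                _write(os.path.join(root, f"{dev}:1.{i}", fname), val)
```

Calling `scan()` with no argument reads the live `/sys/bus/usb/devices` tree; comparing its output against a baseline taken when the camera was first deployed shows whether a new interface has appeared.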