CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Critical Authentication Bypass Flaw in Honeywell CCTV Systems

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

A critical vulnerability (CVE-2026-1670) in multiple Honeywell CCTV products allows unauthenticated attackers to change recovery email addresses, enabling account takeover and unauthorized access to camera feeds. The flaw, rated 9.8 in severity, affects mid-level surveillance products used in commercial, industrial, and critical infrastructure settings. As of February 17, 2026, no public exploitation has been reported, but CISA advises mitigations to reduce risk.

Timeline

  1. 18.02.2026 22:58 1 articles · 2h ago

    Critical Authentication Bypass Flaw in Honeywell CCTV Systems Disclosed

    A critical vulnerability (CVE-2026-1670) in multiple Honeywell CCTV products was disclosed, allowing unauthenticated attackers to change recovery email addresses and take over accounts. The flaw, rated 9.8 in severity, affects mid-level surveillance products used in commercial, industrial, and critical infrastructure settings. As of February 17, 2026, no public exploitation has been reported, but CISA advises mitigations to reduce risk.

    Show sources
    Open in new tab

Information Snippets

  • The vulnerability, CVE-2026-1670, is classified as 'missing authentication for critical function' and has a CVSS score of 9.8.

    First reported: 18.02.2026 22:58
    1 source, 1 article
    Show sources

  • The flaw allows attackers to change recovery email addresses, enabling account takeover and unauthorized access to camera feeds.

    First reported: 18.02.2026 22:58
    1 source, 1 article
    Show sources

  • Affected models include I-HIB2PI-UL 2MP IP 6.1.22.1216, SMB NDAA MVO-3 WDR_2MP_32M_PTZ_v2.0, PTZ WDR 2MP 32M WDR_2MP_32M_PTZ_v2.0, and 25M IPC WDR_2MP_32M_PTZ_v2.0.

    First reported: 18.02.2026 22:58
    1 source, 1 article
    Show sources

  • Honeywell's products are used in commercial, industrial, and critical infrastructure settings, including U.S. government agencies and federal contractors.

    First reported: 18.02.2026 22:58
    1 source, 1 article
    Show sources

  • As of February 17, 2026, there are no known reports of public exploitation targeting this vulnerability.

    First reported: 18.02.2026 22:58
    1 source, 1 article
    Show sources