AWS Device Defender overly permissive IoT policy remediation
Advisory/Mitigation
Summary
Hide ▲
Show ▼
AWS's IOT_POLICY_OVERLY_PERMISSIVE_CHECK directs operators to replace broad IoT policies with device-scoped versions, closing a path that can let a compromised certificate affect all devices using the policy. The guidance matters because the same certificate can be used to read or modify cloud-managed device state across a fleet unless the policy is narrowed.
Related Happenings
Shark RV2320EDUS / AV1102ARUS cross-model AWS IoT Exec_Command RCE flaw
Vulnerability
H score78
First: 16.07.2026 12:23
Last: 16.07.2026 12:23
Sources 1
How related:
He proved the cross-model path, landing a reverse shell on an AV1102ARUS he bought purely as a target, then using that shell to pull a live feed off the model's onboard camera while the robot drove around.
About this happening:
A SharkNinja vacuum certificate flaw now enables root command execution on other Shark vacuums in the same AWS region, exposing camera feeds, house maps, and *...
Shark RV2320EDUS / AV1102ARUS cross-model AWS IoT Exec_Command RCE flaw
VulnerabilityHow related: He proved the cross-model path, landing a reverse shell on an AV1102ARUS he bought purely as a target, then using that shell to pull a live feed off the model's onboard camera while the robot drove around.
About this happening: A SharkNinja vacuum certificate flaw now enables root command execution on other Shark vacuums in the same AWS region, exposing camera feeds, house maps, and *...
XM Cyber maps eight validated AWS Bedrock attack vectors across connected enterprise integrations
Technical Analysis
H score26
First: 23.03.2026 13:55
Last: 23.03.2026 13:55
Sources 1
About this happening:
XM Cyber mapped eight validated attack vectors in AWS Bedrock, showing how over-privileged permissions can expose logs, knowledge bases, agents, flows, guardrails, and...
XM Cyber maps eight validated AWS Bedrock attack vectors across connected enterprise integrations
Technical AnalysisAbout this happening: XM Cyber mapped eight validated attack vectors in AWS Bedrock, showing how over-privileged permissions can expose logs, knowledge bases, agents, flows, guardrails, and...
Timeline
-
16.07.2026 12:23 2 articles · 2h ago
AWS Device Defender flags overly permissive IoT policies and recommends scoped replacements
Mitigation Patch UpdateAWS's Device Defender IOT_POLICY_OVERLY_PERMISSIVE_CHECK flags device policies that grant publish or subscribe on $aws/things/* instead of pinning access to ${iot:Connection.Thing.ThingName}; the mitigation is a server-side policy change in AWS rather than a firmware fix, and the owner-side stopgap is to disconnect the vacuum from Wi-Fi until the policy is corrected.
Show sources
- Unpatched Shark Vacuum Flaw Could Let Attackers Control Other Vacuums Region-Wide — thehackernews.com — 16.07.2026 12:23
- Unpatched Shark Vacuum Flaw Could Let Attackers Control Other Vacuums Region-Wide — thehackernews.com — 16.07.2026 12:23