CISA Alerts Organizations to Honeywell CCTV Flaw Enabling Account Takeovers


The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory warning about a critical vulnerability affecting multiple Honeywell CCTV camera products that could allow attackers to take over user accounts and gain unauthorized access to camera feeds.

The flaw, tracked as CVE-2026-1670, poses significant risks to organizations relying on these surveillance systems for security monitoring.

Vulnerability Details

CVE ID | CVSS Score | Description
CVE-2026-1670 | 9.8 (Critical) | Missing Authentication for Critical Function

The vulnerability stems from missing authentication for critical functions within the affected Honeywell CCTV products.

Successful exploitation allows unauthenticated attackers to change recovery email addresses associated with camera accounts, potentially leading to complete account takeovers.

Once compromised, attackers could access live camera feeds, modify security settings, and potentially use the foothold to pivot deeper into connected networks.

The vulnerability impacts several Honeywell CCTV camera models running specific firmware versions, including the I-HIB2PI-UL 2MP IP camera (version 6.1.22.1216), SMB NDAA MVO-3, PTZ WDR 2MP 32M, and 25M IPC models, all running firmware version WDR_2MP_32M_PTZ_v2.0.

These cameras are deployed worldwide, primarily within the commercial facilities sector, making the vulnerability’s impact potentially widespread.

CISA released the advisory (ICSA-26-048-04) on February 17, 2026, after security researcher Souvik Kandar reported the flaw.

The agency emphasizes that no public exploitation targeting this vulnerability has been reported at the time of publication.

Organizations using affected Honeywell CCTV products should immediately implement network segmentation to isolate camera systems from internet-facing networks and business systems.

CISA recommends placing cameras behind firewalls and requiring VPN access for remote management.

Additional defensive measures include conducting thorough impact assessments, implementing defense-in-depth strategies, and monitoring for suspicious account activities or unauthorized configuration changes.
