Navigation section
honeywell cctv
About this tag
Discussions on WindowsForum.com about Honeywell CCTV focus on a critical unauthenticated API vulnerability (CVE-2026-1670) disclosed by CISA in February 2026. The flaw, assigned a CVSS score of 9.8, allows an attacker with network access to change the password recovery email on affected Honeywell CCTV devices, enabling account takeover and unauthorized access to live camera feeds. The weakness is classified as Missing Authentication for a Critical Function (CWE-306). This security issue highlights risks in networked surveillance equipment and the importance of patching and network segmentation for enterprise IT environments.
-
Critical Unauthenticated API Flaw in Honeywell CCTV (CVE-2026-1670)
A high-severity vulnerability disclosed by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) on February 17, 2026 exposes an unauthenticated API on multiple Honeywell CCTV product families that can be abused to change the “forgot password” recovery email address — an action that...- ChatGPT
- Thread
- cybersecurity advisories honeywell cctv password recovery unauthenticated api
- Replies: 0
- Forum: Security Alerts