Honeywell CCTV Cameras: Critical Auth Bypass Vulnerability (CVE-2026-1670)

by priyanka.patel tech editor

A critical security flaw affecting multiple Honeywell CCTV cameras has prompted a warning from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The vulnerability, tracked as CVE-2026-1670, could allow unauthorized access to camera feeds and even complete account takeover, raising concerns for businesses and infrastructure relying on these systems for security.

The issue stems from a “missing authentication for critical function,” earning it a critical severity score of 9.8, according to CISA. Essentially, an attacker doesn’t need a username or password to exploit the flaw. They can manipulate an unauthenticated API endpoint to change the recovery email address associated with a device account. This allows them to hijack the account and gain control of the camera’s live feed.

The vulnerability was discovered by security researcher Souvik Kanda, who has now identified 44 vulnerabilities in industrial control systems and cyber-physical systems. Kanda highlighted the importance of responsible disclosure and collaboration with agencies like CISA, Honeywell, and Tiandy to address these security gaps. He emphasized that finding these vulnerabilities is about making the world a safer place, one disclosure at a time, as noted in a LinkedIn post.

Affected Honeywell CCTV Models

The CISA advisory specifically names four Honeywell CCTV models as being impacted by CVE-2026-1670:

  • I-HIB2PI-UL 2MP IP 6.1.22.1216
  • SMB NDAA MVO-3 WDR_2MP_32M_PTZ_v2.0
  • PTZ WDR 2MP 32M WDR_2MP_32M_PTZ_v2.0
  • 25M IPC WDR_2MP_32M_PTZ_v2.0

Honeywell is a significant global provider of security and video surveillance equipment, with its products widely deployed in commercial, industrial, and critical infrastructure settings. Many of its cameras are also compliant with the National Defense Authorization Act (NDAA), making them suitable for use by U.S. Government agencies and federal contractors, as Honeywell details on its website.

Potential Impact and Mitigation

Although the affected models are described as mid-level products often used in small to medium-sized businesses, offices, and warehouses, some may also be integrated into critical facilities. This broad deployment underscores the potential for widespread impact if the vulnerability were to be exploited. As of February 17th, CISA reported no known public exploitation of this specific vulnerability, but the agency is urging users to take preventative measures.

CISA recommends minimizing the network exposure of control system devices, isolating them behind firewalls, and utilizing secure remote access methods, such as updated Virtual Private Networks (VPNs), when remote connectivity is necessary. These steps can significantly reduce the risk of unauthorized access and potential compromise.
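One way to apply this guidance is to triage an asset inventory against the four entries listed above and rank matches by network exposure. The following is an added example, not code from CISA or Honeywell; the CSV column names, host names, action labels and the split of each advisory entry into model and firmware are assumptions.

```python
import csv
import io
import ipaddress

# Affected entries as listed in the article. Splitting each entry into
# (model, firmware) is an assumption made for this example.
AFFECTED = [
    ("I-HIB2PI-UL 2MP IP", "6.1.22.1216"),
    ("SMB NDAA MVO-3", "WDR_2MP_32M_PTZ_v2.0"),
    ("PTZ WDR 2MP 32M", "WDR_2MP_32M_PTZ_v2.0"),
    ("25M IPC", "WDR_2MP_32M_PTZ_v2.0"),
]
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed inventory: hosts, column names and the 6.1.23.0101 firmware
# string are made up for illustration (it is not a known fixed release).
SAMPLE_INVENTORY = """\
host,model,firmware,mgmt_ip,internet_forwarded
lobby-cam,I-HIB2PI-UL 2MP IP,6.1.22.1216,10.20.0.11,no
dock-ptz,ptz wdr 2mp 32m,WDR_2MP_32M_PTZ_V2.0,10.20.0.12,yes
gate-cam,25M IPC,WDR_2MP_32M_PTZ_v2.0,203.0.113.40,no
office-cam,I-HIB2PI-UL 2MP IP,6.1.23.0101,10.20.0.14,no
"""

def _norm(text):
    """Lower-case and keep only letters, digits and dots, so inventory
    exports that differ in case or separators still match."""
    return "".join(c for c in text.casefold() if c.isalnum() or c == ".")

AFFECTED_NORM = {(_norm(m), _norm(f)) for m, f in AFFECTED}

def triage(csv_text):
    """Return (host, action) for each listed device, exposed devices first."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if (_norm(row["model"]), _norm(row["firmware"])) not in AFFECTED_NORM:
            continue  # not on the list; this does not prove it is unaffected
        addr = ipaddress.ip_address(row["mgmt_ip"].strip())
        exposed = (row["internet_forwarded"].strip().lower() == "yes"
                   or not any(addr in net for net in RFC1918))
        findings.append((row["host"],
                         "isolate-now" if exposed else "restrict-and-track"))
    return sorted(findings, key=lambda f: (f[1] != "isolate-now", f[0]))

if __name__ == "__main__":
    for host, action in triage(SAMPLE_INVENTORY):
        print(f"{host}: {action}")
```

A device counts as exposed here when its management address is outside RFC 1918 space or the inventory marks it as port-forwarded; devices that do not match a listed entry are skipped, not cleared.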

Currently, Honeywell has not released a public advisory regarding CVE-2026-1670. Users are advised to contact Honeywell’s support team directly for guidance on patching and mitigation strategies. The company’s support channels will be the primary source for official updates and remediation instructions.

[Image: A Honeywell CCTV camera. A critical vulnerability has been identified in several models, potentially allowing unauthorized access.]

This incident highlights the ongoing challenges of securing the Internet of Things (IoT) and Operational Technology (OT) environments. As more devices become connected, the attack surface expands, creating new opportunities for malicious actors. Proactive security measures, diligent patching, and robust network segmentation are essential for protecting critical infrastructure and sensitive data.

The situation remains fluid, and users of affected Honeywell CCTV models should prioritize contacting the company’s support team for the latest information and guidance. CISA will likely continue to monitor the situation and provide updates as they become available. The agency’s advisory, ICSA-26-048-04, serves as the central resource for technical details and recommended actions.
