Security
Exposed: Security Vulnerability in Honeywell CCTVs Allows Unauthorized Access
Critical Vulnerability Found in Honeywell CCTVs
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding a critical security flaw in several Honeywell CCTV products. This vulnerability could potentially lead to unauthorized access to camera feeds or account hijacking.
Discovered by researcher Souvik Kanda and identified as CVE-2026-1670, this security issue is categorized as “missing authentication for critical function” and has been given a severity score of 9.8, indicating its critical nature.
The vulnerability allows an unauthenticated attacker to manipulate the recovery email address associated with a device account, ultimately granting them access to camera feeds without authorization.
CISA has stated, “The affected product is vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the ‘forgot password’ recovery email address.”
According to the security advisory, the following models are impacted by CVE-2026-1670:
- I-HIB2PI-UL 2MP IP 6.1.22.1216
- SMB NDAA MVO-3 WDR_2MP_32M_PTZ_v2.0
- PTZ WDR 2MP 32M WDR_2MP_32M_PTZ_v2.0
- 25M IPC WDR_2MP_32M_PTZ_v2.0
Honeywell is a leading global provider of security and video surveillance equipment, offering a wide range of CCTV camera models and related products utilized in commercial, industrial, and critical infrastructure environments worldwide.
The company offers several NDAA-compliant cameras suitable for deployment in U.S. government agencies and federal contractors.
The specific model families mentioned in CISA’s advisory are mid-level video surveillance products commonly used in small to medium business settings, offices, warehouses, and potentially critical facilities.
As of February 17th, there have been no reported instances of public exploitation targeting this vulnerability. However, CISA recommends minimizing network exposure of control system devices by isolating them behind firewalls and utilizing secure remote access methods, such as updated VPN solutions, when necessary for remote connectivity.
Although Honeywell has not released an advisory on CVE-2026-1670, users are encouraged to reach out to the company’s support team for guidance on patching the vulnerability.
Modern IT infrastructure outpaces manual workflows. Learn how to reduce delays, enhance reliability with automated responses, and create intelligent workflows using familiar tools in the new Tines guide.
The Ultimate Guide: Everything You Need to Know in 2026
Secure Access: Biometric Passwordless Login and Enhanced EU Digital Wallet Protection
Hyundai Issues Recall for 2026 Kona SUVs Over Steering Knuckle Defects
Exposed: Security Vulnerability in Honeywell CCTVs Allows Unauthorized Access
Sacrificing Souls: A chilling Arctic mansion mystery card-battler from the creators of The Blackout Club
Uncovering the Top 3 Reasons to Invest in the Google Pixel 10a
Revolutionizing Startup Finances: The Impact of AI-Powered Fintech
Navigating the Cloud: A Deep Dive into Cloud Computing for Manufacturing
![iOS 26.4 changes and features - everything new [Video]](https://bennetttechinnovation.com/wp-content/uploads/2026/02/Exploring-the-Latest-iOS-264-Updates-and-Features-Video-80x80.jpg)
Exploring the Latest iOS 26.4 Updates and Features [Video]
EU Takes Action Against Instagram and Facebook for Violating Illegal Content Rules
Warning: Facebook Creators Face Monetization Loss for Stealing and Reposting Videos
Facebook Compliance: ICE-tracking Page Removed After US Government Intervention
InstaDub: Meta’s AI Translation Tool for Instagram Videos
Facebook’s New Look: A Blend of Instagram’s Style
Facebook and Instagram to Reduce Personalized Ads for European Users
Reclaim Your Account: Facebook and Instagram Launch New Hub for Account Recovery
Meta discontinues Messenger apps for Windows and macOS
Breaking Updates: Meta Connect 2025 Unveils Latest Developments
How this Robot changed my life. 🤖
Unboxing WORLD’S FIRST Next-Gen 2022 phone.
I bought the BIGGEST Tech in the world.
Oppo Find N Unboxing – Did they just kill Samsung!?
50 Facts about me | Mrwhosetheboss
19 TOXIC Tech Fails that will last Forever.
Realme GT 2 Pro – The Record-Breaking 2022 Flagship⚡️
21 Inventions that will Save the World.
Escobar launched a new product – it’s their WORST ever.
-
Facebook4 months agoEU Takes Action Against Instagram and Facebook for Violating Illegal Content Rules
-
Facebook4 months agoWarning: Facebook Creators Face Monetization Loss for Stealing and Reposting Videos
-
Facebook4 months agoFacebook Compliance: ICE-tracking Page Removed After US Government Intervention
-
Facebook4 months agoInstaDub: Meta’s AI Translation Tool for Instagram Videos
-
Facebook2 months agoFacebook’s New Look: A Blend of Instagram’s Style
-
Facebook2 months agoFacebook and Instagram to Reduce Personalized Ads for European Users
-
Facebook3 months agoReclaim Your Account: Facebook and Instagram Launch New Hub for Account Recovery
-
Apple4 months agoMeta discontinues Messenger apps for Windows and macOS
