Command Injection Vulnerability in Smartwares Wi-Fi Cameras
CVE-2024-13892

7.7HIGH

Key Information:

Vendor: Smartwares
Status: Cip-37210at; C724ip
Vendor: CVE Published:; 6 March 2025

What is CVE-2024-13892?

Certain Smartwares Wi-Fi cameras, including the CIP-37210AT and C724IP, are exposed to a command injection vulnerability due to inadequate input sanitization during the device initialization process. Users must enter Access Point credentials via a mobile application, which does not properly filter the input, allowing attackers to execute arbitrary commands. The vendor has not responded to security inquiries, leaving the patching status uncertain. Additionally, newer firmware versions may also be susceptible.

Affected Version(s)

C724IP 0 <= 3.3.0

CIP-37210AT 0 <= 3.3.0

References

https://cert.pl/en/posts/2025/03/CVE-2024-13892/

third-party-advisory

https://www.smartwares.eu/en-gb/smartwares-cip-37210at-in...

product

CVSS V4

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 6, 2025
Vulnerability Reserved
Feb 20, 2025

Credit

Michał Majchrowicz (Afine Team)

Marcin Wyczechowski (Afine Team)

JSON