cbcvebase.
CVE-2026-1670
published 2026-02-17


Priority: P264 (critical)
CVSS 3.1 base score: 9.8 (critical)
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.83% (53.0th percentile)
The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address.

Affected (4 ranges)

Vendor      Product                 Version range   Fixed in
honeywell   25m_ipc                 (not listed)    (not listed)
honeywell   i-hib2pi-ul_2mp_ip      (not listed)    (not listed)
honeywell   ptz_wdr_2mp_32m         (not listed)    (not listed)
honeywell   smb_ndaa_mvo-3          (not listed)    (not listed)

Detection & IOCs (extracted from sources)

  • Target: an unauthenticated API endpoint on Honeywell HIB2PI/HDZ Series CCTV cameras that allows the "forgot password" recovery email address to be changed without authentication (CWE-306). Monitor for unexpected calls to password-recovery or email-change endpoints that arrive without an authenticated session.
  • Affected firmware versions to fingerprint on the network: I-HIB2PI-UL 2MP IP firmware 6.1.22.1216; SMB NDAA MVO-3 WDR_2MP_32M_PTZ_v2.0; PTZ WDR 2MP 32M WDR_2MP_32M_PTZ_v2.0; 25M IPC WDR_2MP_32M_PTZ_v2.0. Identify these devices via banner grabbing or the asset inventory.
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H: network-reachable, no credentials required, no user interaction. Prioritize blocking external/internet access to these devices and alert on any unauthenticated HTTP requests to account or password-recovery API paths.
  • All firmware versions of Honeywell I-HIB2PI-UL are affected (vers:all/*); the product has been discontinued since April 2025, so a firmware patch may not be forthcoming. Contact Honeywell support for guidance.
  • No public exploitation had been reported as of the advisory date; however, because no credentials or user interaction are needed, opportunistic exploitation is straightforward once a device is internet-exposed.

CVSS provenance

NVD, CVSS v3.1: 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD, CVSS v4.0: 9.3 CRITICAL, CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X