CVE Details
Basic Information
| Title | Insecure device pairing in end of life Amazon Cloud Cam |
|---|---|
| Type | cve |
| Published | 2025-06-12T19:29:11.082Z |
| Last Seen |
Product Information
| Vendor | Amazon |
|---|---|
| Product | Cloud Cam |
| Version | 0 |
CVSS Information
| Base Score | 7.7 (HIGH) |
|---|---|
| Attack Vector | CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | The Amazon Cloud Cam, a deprecated home security camera, defaults to an insecure pairing mode that allows arbitrary users to bypass SSL pinning and associate the device with any network, enabling network traffic interception and modification. This vulnerability exists because the device attempts to connect to a deprecated remote service infrastructure. Customers are advised to discontinue using Amazon Cloud Cams. |
|---|---|
| AI Severity | Medium |
| Vendor | Amazon |
| Product | Cloud Cam |
| Affected Version | 0 |
Affected Products
- Amazon Cloud Cam 0
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-672 |
| Bulletin Family |
Description
Amazon Cloud Cam is a home security camera that was deprecated on December 2, 2022, is end of life, and is no longer actively supported.
When a user powers on the Amazon Cloud Cam, the device attempts to connect to a remote service infrastructure that has been deprecated due to end-of-life status. The device defaults to a pairing status in which an arbitrary user can bypass SSL pinning to associate the device to an arbitrary network, allowing for network traffic interception and modification.
We recommend customers discontinue usage of any remaining Amazon Cloud Cams.