好的,我现在需要帮用户总结一篇文章的内容,控制在100字以内。用户已经提供了文章内容和一个示例总结,我需要理解用户的需求,并确保我的总结符合要求。 首先,文章主要讲的是美国网络安全和基础设施安全局(CISA)警告霍尼韦尔多个CCTV产品存在严重漏洞。这个漏洞允许未经授权的访问或账户接管。漏洞编号是CVE-2026-1670,由Souvik Kanda发现,被评为“缺少关键功能的身份验证”,严重性得分为9.8。攻击者可以更改设备账户的恢复邮箱,从而接管账户并访问摄像头画面。CISA建议减少网络暴露,隔离设备,并使用安全的远程访问方法。 接下来,我需要将这些信息浓缩到100字以内。要注意包括关键点:CISA警告、霍尼韦尔CCTV产品、严重漏洞、CVE编号、漏洞影响(如更改恢复邮箱、接管账户)、以及CISA的建议。 同时,用户希望直接写文章描述,不需要以“文章内容总结”等开头。因此,我需要确保语言简洁明了,涵盖所有重要信息。 现在,我来组织语言: 1. CISA警告霍尼韦尔多个CCTV产品存在严重漏洞。 2. 漏洞允许未经授权访问或账户接管。 3. 漏洞编号CVE-2026-1670。 4. 攻击者可更改恢复邮箱,导致账户接管和摄像头访问。 5. CISA建议减少网络暴露和使用安全远程访问方法。 整合这些点: 美国网络安全机构警告霍尼韦尔多个CCTV产品存在严重漏洞(CVE-2026-1670),允许攻击者更改恢复邮箱并接管账户,进而获取摄像头访问权限。该漏洞被评为高危(9.8分)。建议减少设备网络暴露并加强远程访问安全措施。 检查字数:刚好在100字以内,并且涵盖了所有关键点。 </think> 美国网络安全机构警告霍尼韦尔多个CCTV产品存在严重漏洞(CVE-2026-1670),允许攻击者更改恢复邮箱并接管账户,进而获取摄像头访问权限。该漏洞被评为高危(9.8分)。建议减少设备网络暴露并加强远程访问安全措施。 2026-2-18 21:0:31 Author: www.bleepingcomputer.com(查看原文) 阅读量:5 收藏
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of a critical vulnerability in multiple Honeywell CCTV products that allows unauthorized access to feeds or account hijacking.
Discovered by researcher Souvik Kanda and tracked as CVE-2026-1670, the security issue is classified as “missing authentication for critical function,” and received a crtical severity score of 9.8.
The flaw allows an unauthenticated attacker to change the recovery email address associated with a device account, enabling account takeover and unauthorized access to camera feeds.
“The affected product is vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address,” CISA says.
According to the security advisory, CVE-2026-1670 impacts the following models:
- I-HIB2PI-UL 2MP IP 6.1.22.1216
- SMB NDAA MVO-3 WDR_2MP_32M_PTZ_v2.0
- PTZ WDR 2MP 32M WDR_2MP_32M_PTZ_v2.0
- 25M IPC WDR_2MP_32M_PTZ_v2.0
Honeywell is a major global supplier of security and video surveillance equipment with a broad range of CCTV camera models and related products deployed in commercial, industrial, and critical infrastructure settings worldwide.
The company offers many NDAA-compliant cameras that are suitable for deployment in U.S. government agencies and federal contractors.
The specific model families named in CISA’s advisory are mid-level video surveillance products used in small to medium business environments, offices, and warehouses, some of which may be part of critical facilities.
CISA stated that as of February 17th there were no known reports of public exploitation specifically targeting this vulnerability.
Nonetheless, the agency recommends minimizing network exposure of control system devices, isolating them behind firewalls, and using secure remote access methods such as updated VPN solutions when remote connectivity is necessary.
Honeywell has not published an advisory on CVE-2026-1670, but users are advised to contact the company’s support team for patch guidance.
The future of IT infrastructure is here
Modern IT infrastructure moves faster than manual workflows can handle.
In this new Tines guide, learn how your team can reduce hidden manual delays, improve reliability through automated response, and build and scale intelligent workflows on top of tools you already use.
如有侵权请联系:admin#unsafe.sh