The Problem with IoT Cloud-Connectivity and How it Exposed All OvrC Devices to Hijacking

Team82 discovered and documented ten vulnerabilities in the OvrC cloud platform and Hub devices that together enable attackers to enumerate cloud-connected IoT devices, bypass claiming protections, impersonate Hubs to unclaim or re-claim devices, and achieve remote code execution on Hub hardware; the flaws could affect roughly 9–10 million devices and enable full device takeover (cameras, power switches, routers, printers, etc.), and were disclosed to SnapOne with coordinated fixes published alongside CISA advisories.