importantSYS.SOURCE: The Hacker News• 2026-07-16T14:53:19+05:30
Unpatched IoT Vulnerability in Shark Vacuums Enables Regional Remote Code Execution
An unpatched IoT vulnerability in Shark vacuums allows attackers to execute arbitrary commands on devices within the same AWS region by exploiting misconfigured certificates. The flaw remains unresolved four months after disclosure, with no CVE identifier or official patch from SharkNinja.
Pull the certificate off the flash of a Shark RV2320EDUS robot vacuum, and you can run root commands on other people's Shark vacuums across the same AWS region: watch the camera, drive the robot, read the map of the house, and take the Wi-Fi password in plaintext.
A researcher publishing under the handle tokay0 put the method online on Monday, having tested it only against vacuums he
*** END OF TRANSMISSION ***