CVE-2019-16398

MEDIUM

Keeper K5 <20.1.0.25-20.1.0.63 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-16398. PoCs published by crypt0crc.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2019-16398, which leverages a pre-authentication RCE vulnerability in the Keeper K5 HD Network Camera. The exploit involves placing a malicious script named 'zskj_script_run.sh' on an SD card, which the camera executes with root privileges upon insertion.

Description

On Keeper K5 20.1.0.25 and 20.1.0.63 devices, remote code execution can occur by inserting an SD card containing a file named zskj_script_run.sh that executes a reverse shell.

Exploits (1)

gitlab WORKING POC

by crypt0crc · poc

https://gitlab.com/crypt0crc/cve-2019-16398

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2019-16398, which leverages a pre-authentication RCE vulnerability in the Keeper K5 HD Network Camera. The exploit involves placing a malicious script named 'zskj_script_run.sh' on an SD card, which the camera executes with root privileges upon insertion.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Keeper K5 HD Network Camera (firmware versions 20.1.0.25 and 20.1.0.63)

No auth needed

Prerequisites: physical access to the camera to insert the SD card

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 23, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_misc

https://gitlab.com/crypt0crc/cve-2019-16398

Scores

CVSS v3 6.8

EPSS 0.0081

EPSS Percentile 52.0%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-345

Status published

Products (2)

keeper/k5_firmware 20.1.0.25

keeper/k5_firmware 20.1.0.63

Published Sep 19, 2019

Tracked Since Feb 18, 2026