CVE-2024-48214

HIGH

KERUI HD 3MP 1080P Tuya Camera 1.0.4 - Command Injection

Title source: llm

Description

KERUI HD 3MP 1080P Tuya Camera 1.0.4 has a command injection vulnerability in the module that connects to the local network via a QR code. This vulnerability allows an attacker to create a custom, unauthenticated QR code and abuse one of the parameters, either SSID or PASSWORD, in the JSON data contained within the QR code. By that, the attacker can execute arbitrary code on the camera.

References (1)

Core 1

Core References

Various Sources

https://medium.com/%40shenhavmor/exploiting-a-chinese-camera-for-fun-cve-2024-48214-2d56848870c2

Scores

CVSS v3 8.4

EPSS 0.0097

EPSS Percentile 57.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-77

Status published

Published Oct 30, 2024

Tracked Since Feb 18, 2026