CVE-2025-50777

HIGH

AZIOT 2MP Full HD Smart Wi-Fi CCTV Home Security Camera V1.00.02 - Incorrect Access Control

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-50777. PoCs published by veereshgadige.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2025-50777, a local access control vulnerability in AZIOT Smart CCTV firmware V1.00.02. It describes how attackers can gain root shell access via UART console and extract plaintext credentials, including Wi-Fi and ONVIF credentials.

Description

The firmware of the AZIOT 2MP Full HD Smart Wi-Fi CCTV Home Security Camera (version V1.00.02) contains an Incorrect Access Control vulnerability that allows local attackers to gain root shell access. Once accessed, the device exposes critical data including Wi-Fi credentials and ONVIF service credentials stored in plaintext, enabling further compromise of the network and connected systems.

Exploits (1)

nomisec WRITEUP

by veereshgadige · poc

https://github.com/veereshgadige/aziot-cctv-cve-2025-50777

View Code ZIP pw:eip

This repository provides a detailed technical analysis of CVE-2025-50777, a local access control vulnerability in AZIOT Smart CCTV firmware V1.00.02. It describes how attackers can gain root shell access via UART console and extract plaintext credentials, including Wi-Fi and ONVIF credentials.

Classification

Writeup 95%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: AZIOT 2MP Full HD Smart Wi-Fi CCTV Home Security Camera (Firmware V1.00.02)

No auth needed

Prerequisites: Physical or local network access to the device · UART console access

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

Broken Link

http://aziot.com

Third Party Advisory

https://github.com/veereshgadige/aziot-cctv-cve-2025-50777

Scores

CVSS v3 7.8

EPSS 0.0015

EPSS Percentile 4.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-284 CWE-312

Status published

Products (1)

aziot/2mp_full_hd_smart_wi-fi_cctv_home_security_camera_firmware 1.00.02

Published Jul 30, 2025

Tracked Since Feb 18, 2026