CVE-2025-50777

HIGH

AZIOT 2MP Full HD Smart Wi-Fi CCTV Home Security Camera V1.00.02 - Incorrect Access Control

Title source: llm

Description

The firmware of the AZIOT 2MP Full HD Smart Wi-Fi CCTV Home Security Camera (version V1.00.02) contains an Incorrect Access Control vulnerability that allows local attackers to gain root shell access. Once accessed, the device exposes critical data including Wi-Fi credentials and ONVIF service credentials stored in plaintext, enabling further compromise of the network and connected systems.

Exploits (1)

nomisec WRITEUP

by veereshgadige · poc

https://github.com/veereshgadige/aziot-cctv-cve-2025-50777

View Code ZIP pw:eip

References (2)

[Broken Link] http://aziot.com

[Third Party Advisory] https://github.com/veereshgadige/aziot-cctv-cve-2025-50777

Scores

CVSS v3 7.8

EPSS 0.0001

EPSS Percentile 3.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-284 CWE-312

Status published

Products (1)

aziot/2mp_full_hd_smart_wi-fi_cctv_home_security_camera_firmware 1.00.02

Published Jul 30, 2025

Tracked Since Feb 18, 2026