CVE-2025-55810

MEDIUM

Alaga Home Security WiFi Camera 3K - Command Injection

Title source: llm

Description

A vulnerability was found in Alaga Home Security WiFi Camera 3K (model S-CW2503C-H) with hardware version V03 and firmware version 1.4.2, which allows physical attackers to execute commands as root via script file with a specific name on a SD card.

References (2)

Core 2

Core References

Product

https://www.alagaai.com/

Broken Link

https://www.mgm-sp.com/privilege-escalation-vulnerability-in-alaga-home-security-wifi-camera

Scores

CVSS v3 6.8

EPSS 0.0002

EPSS Percentile 6.2%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-434

Status published

Products (1)

alagaai/s-cw2503c-h_firmware 1.4.2

Published Nov 13, 2025

Tracked Since Feb 18, 2026