CVE-2025-63296

MEDIUM

Keruistore Kerui K259 Firmware - Command Injection

Title source: rule

Description

KERUI K259 5MP Wi-Fi / Tuya Smart Security Camera firmware v33.53.87 contains a code execution vulnerability in its boot/update logic: during startup /usr/sbin/anyka_service.sh scans mounted TF/SD cards and, if /mnt/update.nor.sh is present, copies it to /tmp/net.sh and executes it as root.

Exploits (1)

nomisec WORKING POC

by t4e-3 · poc

https://github.com/t4e-3/CVE-2025-63296

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] https://gist.github.com/t4e-3/082cdd0b7ee6b650c7aaae97fd4e016c

[Exploit, Third Party Advisory] https://github.com/t4e-3/CVE-2025-63296

Scores

CVSS v3 6.5

EPSS 0.0010

EPSS Percentile 26.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Details

CWE

CWE-77

Status published

Products (1)

keruistore/kerui_k259_firmware 33.53.87

Published Nov 10, 2025

Tracked Since Feb 18, 2026