CVE-2025-63296
MEDIUMKERUI K259 Firmware v33.53.87 - Unauthenticated Remote Code Execution via Update Script Injection
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2025-63296. PoCs published by t4e-3.
AI-analyzed exploit summary CVE-2025-63296 exploits a code execution vulnerability in KERUI K259 5MP Wi-Fi / Tuya Smart Security Camera firmware v33.53.87. The vulnerability allows an attacker with physical access to execute arbitrary commands as root by placing a malicious script named 'update.nor.sh' on an SD/TF card, which is then copied and executed by the device during startup.
Description
KERUI K259 5MP Wi-Fi / Tuya Smart Security Camera firmware v33.53.87 contains a code execution vulnerability in its boot/update logic: during startup /usr/sbin/anyka_service.sh scans mounted TF/SD cards and, if /mnt/update.nor.sh is present, copies it to /tmp/net.sh and executes it as root.
Exploits (1)
CVE-2025-63296 exploits a code execution vulnerability in KERUI K259 5MP Wi-Fi / Tuya Smart Security Camera firmware v33.53.87. The vulnerability allows an attacker with physical access to execute arbitrary commands as root by placing a malicious script named 'update.nor.sh' on an SD/TF card, which is then copied and executed by the device during startup.
References (2)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N