PT-2025-46197 · Keruistore · Kerui K259 Firmware

Published: 2025-11-10 · Updated: 2025-11-10 · CVE-2025-63296

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: KERUI K259 5MP Wi-Fi / Tuya Smart Security Camera firmware version 33.53.87

Description: The KERUI K259 5MP Wi-Fi / Tuya Smart Security Camera firmware has a code execution issue in its boot and update process. During startup, the /usr/sbin/anyka service.sh script scans mounted TF/SD cards. If the file /mnt/update.nor.sh is found on a card, it is copied to /tmp/net.sh and then executed with root privileges. This allows for potential unauthorized code execution.

Recommendations: Update to a newer version of the firmware that addresses this issue. As a temporary workaround, avoid using TF/SD cards with the file /update.nor.sh present during the boot process.
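
For firmware reviewers, the copy-then-execute pattern in the description can be found statically in an extracted root filesystem. The following is an added example, not code from the vendor or from this advisory: `SAMPLE` is a constructed stand-in for the described behaviour, and the function names and the assumption that cards mount under /mnt are illustrative.

```python
"""Flag firmware shell scripts that execute files taken from removable media."""
import re
from pathlib import Path

MEDIA = re.compile(r"^/mnt(/|$)")  # assumption: cards mount under /mnt, as in the advisory
RUNNERS = {"sh", "ash", "bash", ".", "source", "exec"}
KEYWORDS = {"if", "then", "else", "elif", "do", "while", "!"}

# Constructed stand-in for the behaviour the advisory describes (not the vendor's script).
SAMPLE = """#!/bin/sh
if [ -f /mnt/update.nor.sh ]; then
    cp /mnt/update.nor.sh /tmp/net.sh
    sh /tmp/net.sh
fi
"""

def audit_script(text):
    """Return [(line_no, path)] for each executed path that originates on the card."""
    tainted, findings = set(), []
    for no, raw in enumerate(text.splitlines(), 1):
        for cmd in re.split(r"&&|\|\||;", raw.split("#", 1)[0]):
            words = [w.strip("\"'") for w in cmd.split()]
            while words and words[0] in KEYWORDS:
                words.pop(0)
            if not words:
                continue
            if words[0] in ("cp", "mv") and len(words) >= 3:
                sources = [w for w in words[1:-1] if not w.startswith("-")]
                if any(MEDIA.match(s) or s in tainted for s in sources):
                    tainted.add(words[-1])  # the copy inherits the card's trust level
                continue
            target = words[1] if words[0] in RUNNERS and len(words) > 1 else words[0]
            if MEDIA.match(target) or target in tainted:
                findings.append((no, target))
    return findings

def audit_tree(rootfs):
    """Audit every shell script under an extracted root filesystem directory."""
    report = {}
    for path in sorted(Path(rootfs).rglob("*")):
        if path.is_file():
            text = path.read_text(errors="ignore")
            if path.suffix == ".sh" or text.startswith("#!"):
                hits = audit_script(text)
                if hits:
                    report[str(path.relative_to(rootfs))] = hits
    return report

if __name__ == "__main__":
    print(audit_script(SAMPLE))
```

A finding means a script runs content from the card without any authenticity check; the corrected design verifies a vendor signature on the update before executing it.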

Command Injection

Related Identifiers: CVE-2025-63296

Affected Products: Kerui K259 Firmware