CVE 6.5 MEDIUM

CVE-2025-63296_CVE-2025-63296

November 12, 2025 invoker category_cve
6.5 / 10
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Description

KERUI K259 5MP Wi-Fi / Tuya Smart Security Camera firmware v33.53.87 contains a code execution vulnerability in its boot/update logic: during startup /usr/sbin/anyka_service.sh scans mounted TF/SD cards and, if /mnt/update.nor.sh is present, copies it to /tmp/net.sh and executes it as root.

Basic Information

ID CVE-2025-63296
Source mitre
Published Nov 10, 2025 at 00:00
Modified Nov 12, 2025 at 20:30

Affected Product

Vendor n/a
Product n/a
Version n/a
Affected Versions n/a n/a n/a

CWE Classification

CWE-77

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.