Vulnerability Key Information Summary KERUI K259 5MP Wi-Fi / Tuya Smart Security Camera firmware v33.53.87 contains a code execution vulnerability located in the boot/update logic. During startup, scans mounted TF/SD cards; if the file exists, it is copied to and executed with root privileges, allowing an attacker with physical access to run arbitrary commands. Details Vulnerable Endpoints: - - Trigger File: - (placed in the root directory of a mounted TF/SD card) POC (Proof of Concept) 1. Create a file named in the root directory of an SD/TF card with content: 2. Insert the SD card and reboot the device. 3. Upon successful exploitation, the device copies to , marks it as executable, and executes it, launching a telnet service (or any arbitrary command), granting root shell access. Impact Remote Command Execution and Persistent Backdoor: Attackers can gain root shell access and install persistent mechanisms (e.g., cron, init, boot modifications). Network Pivot and Scanning: Attackers can use the camera to scan and attack devices within the local network. Credential and Media Exfiltration: Stored credentials, tokens, and recorded video/audio can be read and exfiltrated. Firmware/Boot Persistence and Tampering: Attackers can modify firmware or boot components to bypass verification and survive reboots.