CVE Catalog

CVE-2025-56438

MediumCVSS 6.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.13%

3th percentile - higher than 3% of all known CVEs

Summary

A vulnerability in the firmware update mechanism of Nous W3 Smart WiFi Camera version 1.33.50.82 allows unauthenticated attackers with physical proximity to escalate privileges to root by supplying a crafted update.tar archive stored on a FAT32-formatted SD card.

Risk Assessment

An attacker with physical access to the camera can gain full control over the device, potentially leading to video stream hijacking, configuration modification, or using the camera as an entry point into the internal network.

Recommendation

Immediately update the camera firmware to the latest version if a patch is available from the vendor, and restrict physical access to the device to trusted personnel only.

Original NVD description (English source)

An issue in the firmware update mechanism of Nous W3 Smart WiFi Camera v1.33.50.82 allows unauthenticated and physically proximate attackers to escalate privileges to root via supplying a crafted update.tar archive file stored on a FAT32-formatted SD card.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS