Description

KERUI HD 3MP 1080P Tuya Camera 1.0.4 has a command injection vulnerability in the module that connects to the local network via a QR code. This vulnerability allows an attacker to create a custom, unauthenticated QR code and abuse one of the parameters, either SSID or PASSWORD, in the JSON data contained within the QR code. By that, the attacker can execute arbitrary code on the camera.

INFO

Published Date :

2024-10-30T00:00:00.000Z

Last Modified :

2024-10-31T15:22:03.830Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2024-48214 vulnerability.

Vendors Products
Keruistore
  • Kerui Hd 3mp 1080p Tuya Camera Firmware
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-48214.

URL Resource
https://medium.com/%40shenhavmor/exploiting-a-chinese-camera-for-fun-cve-2024-48214-2d56848870c2 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact