Description

KERUI K259 5MP Wi-Fi / Tuya Smart Security Camera firmware v33.53.87 contains a code execution vulnerability in its boot/update logic: during startup /usr/sbin/anyka_service.sh scans mounted TF/SD cards and, if /mnt/update.nor.sh is present, copies it to /tmp/net.sh and executes it as root.

INFO

Published Date :

2025-11-10T00:00:00.000Z

Last Modified :

2025-11-12T20:30:52.093Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-63296 vulnerability.

Vendors Products
Keruistore
  • K259 5mp Wifi
  • Kerui K259
  • Kerui K259 Firmware
Tuya
  • Tuya
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-63296.

URL Resource
https://gist.github.com/t4e-3/082cdd0b7ee6b650c7aaae97fd4e016c cve-icon cve-icon
https://github.com/t4e-3/CVE-2025-63296 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact