Skip to main content

Nous W3 Camera CVE-2025-56438

MEDIUM
Insufficient Verification of Data Authenticity (CWE-345)
2025-10-24 cve@mitre.org
6.8
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
6.8 MEDIUM
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
6.8 MEDIUM

AV:P because SD card insertion demands physical presence; PR:N since no credentials are needed; full C/I/A from unrestricted root escalation on a single unscoped device.

3.1 AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
4.0 AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (mitre).

CVSS VectorVendor: mitre

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jul 05, 2026 - 04:15 vuln.today

DescriptionCVE.org

An issue in the firmware update mechanism of Nous W3 Smart WiFi Camera v1.33.50.82 allows unauthenticated and physically proximate attackers to escalate privileges to root via supplying a crafted update.tar archive file stored on a FAT32-formatted SD card.

AnalysisAI

The firmware update mechanism in Nous W3 Smart WiFi Camera v1.33.50.82 fails to verify the authenticity or integrity of update archives, enabling a physically proximate unauthenticated attacker to escalate privileges to root by inserting a crafted update.tar on a FAT32 SD card. Full device compromise (C:H/I:H/A:H) is achievable with no authentication and low attack complexity once physical access is obtained. No public exploit has been confirmed via CISA KEV, and the EPSS score of 0.14% (3rd percentile) reflects the limited exploitation probability imposed by the physical access prerequisite.

Technical ContextAI

The root cause is CWE-345 (Insufficient Verification of Data Authenticity): the camera's firmware update subsystem processes update.tar archives read from a FAT32-formatted SD card without performing cryptographic signature verification, integrity checking, or certificate chain validation. This means any archive conforming to the expected format will be applied as a legitimate firmware update, regardless of origin or content. The affected product is Nous W3 Smart WiFi Camera firmware version v1.33.50.82; no NVD CPE string was provided in the available data. The vulnerability is architectural - the update pathway trusts the storage medium rather than the content's provenance, a common failure pattern in embedded IoT firmware update implementations.

Affected ProductsAI

The Nous W3 Smart WiFi Camera running firmware version v1.33.50.82 is confirmed affected per the researcher advisory published at https://github.com/MMarble21/Smart-camera-privilege-escalation/blob/main/ADVISORY.md. No NVD CPE string was assigned in the available data. Whether earlier or later firmware versions share this vulnerability is not confirmed - no vendor advisory has been identified, and the affected version range beyond v1.33.50.82 is unknown at the time of analysis.

RemediationAI

No vendor-released patch has been identified at the time of analysis. The sole reference is the researcher advisory at https://github.com/MMarble21/Smart-camera-privilege-escalation/blob/main/ADVISORY.md, with no corresponding vendor bulletin or patch release confirmed. As compensating controls, deploying the Nous W3 camera in physically secured enclosures where only authorized personnel can access the SD card slot directly eliminates the attack vector - this is the most effective mitigation given the physical-only attack surface. Physically blocking or sealing the SD card slot with tamper-evident measures removes the attack vector entirely but also prevents legitimate SD card use, such as local video storage. Organizations should audit physical access logs for deployed cameras, apply the principle of least physical access, and consider network-level isolation of the camera (firewall rules restricting outbound connections) to limit the blast radius of a compromised device. Monitoring for unexpected firmware version changes or device reboots may serve as an indicator of compromise.

Share

CVE-2025-56438 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy