← back
CVE-2025-56438

CVE-2025-56438

CVSS 6.8 MEDIUMEPSS 0.1%CWE-345
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.8EPSS 0.1%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
24 Oct 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An issue in the firmware update mechanism of Nous W3 Smart WiFi Camera v1.33.50.82 allows unauthenticated and physically proximate attackers to escalate privileges to root via supplying a crafted update.tar archive file stored on a FAT32-formatted SD card.
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://nous.comhttps://github.com/MMarble21/Smart-camera-privilege-escalation/blob/main/ADVISORY.md