SecuriTricks - CVE-2025-55810

Description

A vulnerability was found in Alaga Home Security WiFi Camera 3K (model S-CW2503C-H) with hardware version V03 and firmware version 1.4.2, which allows physical attackers to execute commands as root via script file with a specific name on a SD card.

Product(s) Impacted

Vendor	Product	Versions
Alaga	Home Security Wifi Camera	s-cw2503c-h

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	alaga	home_security_wifi_camera	s-cw2503c-h	1.4.2	/	/	/	/	/	/

References

https://www.alagaai.com/

https://www.mgm-sp.com/privilege-escalation-vulnerability-in-alaga-home-security-wifi-camera

CVSS Score

6.8 / 10

CVSS Data - 3.1

Attack Vector: PHYSICAL
Attack Complexity: LOW
Privileges Required: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

View Vector String

Timeline

Published: Nov. 13, 2025, 8:15 p.m.
Last Modified: Nov. 14, 2025, 6:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

CVE-2025-55810