CVE-2025-55810

MEDIUM EPSS 10.2%

Published Nov 13, 20257mo ago · Modified Jun 17, 20261w ago

6.8 CVSS 3.1

Medium

Published Nov 13, 2025 7mo ago

Last Modified Jun 17, 2026 1w ago

Description

A vulnerability was found in Alaga Home Security WiFi Camera 3K (model S-CW2503C-H) with hardware version V03 and firmware version 1.4.2, which allows physical attackers to execute commands as root via script file with a specific name on a SD card.

CVSS Details

Base Score

6.8

Exploitability

0.9

Impact

5.9

Vector string

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector Physical

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

10.2% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-434 Unrestricted Upload of File with Dangerous Type Resource Mgmt

Affected Products 2

Vendor	Product	Version	Range
alagaai	s-cw2503c-h_firmware	1.4.2	any
alagaai	s-cw2503c-h	03	any

References 2

alagaai.com https://www.alagaai.com/

Product
mgm-sp.com https://www.mgm-sp.com/privilege-escalation-vulnerability-in-alaga-home-security-wifi-camera

Broken Link

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.