CVE-2025-50777 – The AZIOT 2MP Smart Wi-Fi CCTV camera firmware ... (How to Fix)

Q: What is the severity of CVE-2025-50777?

CVE-2025-50777 has a CVSS score of 7.8 (HIGH). The AZIOT 2MP Smart Wi-Fi CCTV camera firmware contains an access control vulnerability that allows local attackers to gain root shell access. This exposes Wi-Fi and ONVIF credentials stored in plaintext, enabling network compromise. All users of version V1.00.02 are affected.

📋 TL;DR

The AZIOT 2MP Smart Wi-Fi CCTV camera firmware contains an access control vulnerability that allows local attackers to gain root shell access. This exposes Wi-Fi and ONVIF credentials stored in plaintext, enabling network compromise. All users of version V1.00.02 are affected.

💻 Affected Systems

Products:

AZIOT 2MP Full HD Smart Wi-Fi CCTV Home Security Camera

Versions: V1.00.02

Operating Systems: Embedded Linux firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All devices running this firmware version are vulnerable by default. Physical or network access to the device required.

📦 What is this software?

2mp Full Hd Smart Wi Fi Cctv Home Security Camera Firmware by Aziot

View all CVEs affecting 2mp Full Hd Smart Wi Fi Cctv Home Security Camera Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete network takeover: attacker gains root access, steals all credentials, pivots to other systems, and deploys persistent malware across the network.

🟠

Likely Case

Local attacker gains root access, extracts Wi-Fi and ONVIF credentials, potentially compromising the camera feed and accessing other network resources.

🟢

If Mitigated

With proper network segmentation and access controls, impact limited to isolated camera system only.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploit requires local network access. GitHub repository contains proof-of-concept details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: http://aziot.com

Restart Required: Yes

Instructions:

1. Check vendor website for firmware updates. 2. Download latest firmware. 3. Upload via camera web interface. 4. Reboot camera.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate camera on separate VLAN with strict firewall rules

Access Control Lists

all

Restrict network access to camera management interface

🧯 If You Can't Patch

Physically disconnect camera from network if not essential
Place camera behind firewall with strict inbound/outbound rules

🔍 How to Verify

Check if Vulnerable:

Check firmware version in camera web interface. If version is V1.00.02, device is vulnerable.

Check Version:

Check via camera web interface at Settings > System > Firmware Version

Verify Fix Applied:

Verify firmware version has been updated beyond V1.00.02. Attempt to access root shell via known exploit methods to confirm fix.

📡 Detection & Monitoring

Log Indicators:

Unexpected root login attempts
Unauthorized shell access logs
Configuration file access

Network Indicators:

Unexpected SSH/Telnet connections to camera
Unusual outbound traffic from camera

SIEM Query:

source="camera_logs" AND (event="root_login" OR event="shell_access")

📊 Metadata

CVE ID: CVE-2025-50777

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-284

EPSS Score: 0.01% exploit probability (0.9th percentile)

Published: July 30, 2025

Last Updated: August 6, 2025

🔗 References

http://aziot.com Broken Link
https://github.com/veereshgadige/aziot-cctv-cve-2025-50777 Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-50777, you might also want to check these: