CVE-2024-48214 identifies a command injection vulnerability in the KERUI HD 3MP 1080P Tuya Camera firmware version 1.0.4. The vulnerability resides in the QR code processing module used to connect the device to a local network. Specifically, the camera accepts JSON data embedded in a QR code, which includes parameters such as SSID and PASSWORD. Due to insufficient input validation and sanitization, an attacker can craft a malicious QR code with specially crafted SSID or PASSWORD fields that inject commands into the system. This injection allows arbitrary code execution on the camera without requiring authentication or user interaction. The vulnerability is classified under CWE-77 (Improper Neutralization of Special Elements used in a Command). The CVSS v3.1 base score is 8.4, reflecting high impact on confidentiality, integrity, and availability, with low attack complexity and no privileges or user interaction needed. Although no public exploits or patches are currently available, the flaw poses a significant risk to device security and potentially to the broader network environment if exploited.

Successful exploitation of this vulnerability allows attackers to execute arbitrary code on the affected camera, potentially leading to full compromise of the device. This can result in unauthorized access to video feeds, manipulation or deletion of recorded footage, and use of the device as a foothold for lateral movement within the local network. The confidentiality of sensitive surveillance data is at risk, as is the integrity and availability of the camera’s operation. In environments where these cameras are deployed for security monitoring, such a compromise could undermine physical security and privacy. Additionally, compromised cameras could be leveraged in botnets or other malicious campaigns, increasing the threat to organizational networks globally.

Until an official patch is released, organizations should implement network segmentation to isolate affected cameras from critical infrastructure and sensitive data. Disable QR code-based network configuration if possible, or restrict physical and network access to trusted personnel only. Employ network monitoring and intrusion detection systems to identify anomalous behavior or unauthorized command execution attempts originating from or targeting these devices. Regularly audit device firmware versions and configurations, and subscribe to vendor advisories for timely patch deployment. Consider replacing vulnerable devices if mitigation options are limited or if they are deployed in high-risk environments. Additionally, enforce strong network access controls and use VPNs or encrypted tunnels for remote camera access to reduce exposure.