Impact
An issue in Boyleep K11 security cameras running firmware v.2.3.0.11291 exposes a factory test feature that allows an attacker who can physically reach the device to run arbitrary code on the system. The flaw is rooted in improper access control and is classified as CWE‑284.
Affected Systems
The affected product is the Boyleep K11 security camera with firmware version 2.3.0.11291. Only this specific firmware build is known to contain the flaw; other models or firmware revisions have not been identified as impacted.
Risk and Exploitability
The CVSS score of 6.8 indicates moderate severity, and the EPSS score of less than 1 % indicates that exploitation is currently rare. The bug is not listed in CISA’s KEV catalog, so no known active exploits are publicly documented. Because the attack requires the attacker to be in physical proximity to the camera, the threat is limited to environments where the device can be accessed without authorization.
OpenCVE Enrichment