Description
An issue in Boyleep K11, y108 firmware v.2.3.0.11291 allows a physically proximate attacker to execute arbitrary code via the factory test feature.
Published: 2026-06-15
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An issue in Boyleep K11 security cameras running firmware v.2.3.0.11291 exposes a factory test feature that allows an attacker who can physically reach the device to run arbitrary code on the system. The flaw is rooted in improper access control and is classified as CWE‑284.

Affected Systems

The affected product is the Boyleep K11 security camera with firmware version 2.3.0.11291. Only this specific firmware build is known to contain the flaw; other models or firmware revisions have not been identified as impacted.

Risk and Exploitability

The CVSS score of 6.8 indicates moderate severity, and the EPSS score of less than 1 % indicates that exploitation is currently rare. The bug is not listed in CISA’s KEV catalog, so no known active exploits are publicly documented. Because the attack requires the attacker to be in physical proximity to the camera, the threat is limited to environments where the device can be accessed without authorization.

Generated by OpenCVE AI on June 18, 2026 at 01:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Boyleep K11 firmware to a version that removes or restricts the factory test feature
  • If an update is unavailable, disable the factory test functionality via the camera’s configuration interface or block access to relevant interfaces through network segmentation or firewall rules
  • Physically secure the device—enclose it or lock it in a tamper‑evidence lock to prevent unauthorized physical access

Generated by OpenCVE AI on June 18, 2026 at 01:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Boyleep
Boyleep k11
Vendors & Products Boyleep
Boyleep k11

Thu, 18 Jun 2026 04:45:00 +0000

Type Values Removed Values Added
Title Factory Test Feature Allows Arbitrary Code Execution in Boyleep K11 Firmware

Wed, 17 Jun 2026 05:15:00 +0000

Type Values Removed Values Added
Title Factory Test Feature Allows Arbitrary Code Execution in Boyleep K11 Firmware

Tue, 16 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284
Metrics cvssV3_1

{'score': 6.8, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 15 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Description An issue in Boyleep K11, y108 firmware v.2.3.0.11291 allows a physically proximate attacker to execute arbitrary code via the factory test feature.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-16T13:53:45.649Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36933

cve-icon Vulnrichment

Updated: 2026-06-16T13:53:36.740Z

cve-icon NVD

Status : Deferred

Published: 2026-06-15T20:16:26.130

Modified: 2026-06-16T15:51:29.037

Link: CVE-2026-36933

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T09:46:33Z

Weaknesses