VYPR
Unrated severity · NVD Advisory · Published Jun 15, 2026

CVE-2026-36933

Description

A physically proximate attacker can gain root access on Boyleep K11/y108 cameras by placing a crafted microSD card with factory-test files.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The Ease Life (Boyleep) camera firmware version 2.3.0.11291 on the y108/K11 platform includes a factory test feature that remains enabled in production units. The firmware contains a factorytest.sh script that is executed when a microSD card with a specific file structure is inserted at boot. No authentication or physical disassembly is required beyond inserting a prepared SD card. (See [1].)

Exploitation

A physically proximate attacker inserts a microSD card containing the following crafted files: factorytest.sh (arbitrary commands), test.md5sum (checksum for the test script), auth.ini (authentication configuration), and a factorytest/ directory with additional payloads. Upon boot, the camera detects the card and executes the attacker's script with root privileges. (See [1].)

Impact

Successful exploitation results in full root-level command execution on the camera. The attacker can read live video streams, modify firmware, exfiltrate stored footage, or pivot to other devices on the local network. The compromise is complete and persistent. (See [1].)

Mitigation

As of the publication date (2026-06-15), no fixed firmware version has been released by Boyleep. The vendor has not publicly acknowledged the vulnerability. Users are advised to disable the factory test feature if possible, restrict physical access to the device, or consider replacing the camera. No workaround is available. This CVE has not been added to the CISA Known Exploited Vulnerabilities (KEV) catalog. (See [1].)

AI Insight generated on Jun 15, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

Vulnerability mechanics

Root cause

"The factory test feature in the firmware automatically executes scripts from an inserted microSD card without authentication or integrity verification."

Attack vector

A physically proximate attacker inserts a microSD card containing a set of specially crafted files (factorytest.sh, test.md5sum, auth.ini, and a factorytest/ directory). The camera's factory test feature, which remains enabled in the production firmware, automatically processes the card and executes the attacker's commands. No network access or authentication is required — physical access to the microSD slot is sufficient [1].
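
A defender-side check for the file set described above, as an added example that is not from the advisory or the vendor: it audits the top level of a microSD card mounted read-only on an analysis host for the four listed artifact names and hashes the files it finds. The function names, verdict labels and sample card contents are assumptions, and names are matched case-insensitively because the advisory does not say how the firmware compares them.

```python
import hashlib
import tempfile
from pathlib import Path

# Names the advisory lists as the factory-test trigger set.
TRIGGER_FILES = ("factorytest.sh", "test.md5sum", "auth.ini")
TRIGGER_DIR = "factorytest"


def audit_media(root):
    """Report which factory-test artifacts sit at the top level of a mounted
    card, with SHA-256 hashes of the files for the incident record."""
    # FAT volumes are case-insensitive, so compare lowercased names.
    # Symlinks are skipped so a hostile card cannot redirect the audit.
    entries = {p.name.lower(): p for p in Path(root).iterdir()
               if not p.is_symlink()}
    found = {}
    for name in TRIGGER_FILES:
        p = entries.get(name)
        if p is not None and p.is_file():
            found[name] = hashlib.sha256(p.read_bytes()).hexdigest()
    d = entries.get(TRIGGER_DIR)
    if d is not None and d.is_dir():
        found[TRIGGER_DIR + "/"] = sorted(
            c.relative_to(d).as_posix() for c in d.rglob("*") if c.is_file())
    if len(found) == len(TRIGGER_FILES) + 1:
        verdict = "full-trigger-set"   # every listed artifact is present
    elif found:
        verdict = "partial"
    else:
        verdict = "clean"
    return {"verdict": verdict, "artifacts": found}


def build_sample_card(root, names=TRIGGER_FILES, with_dir=True):
    """Constructed sample card layout with inert placeholder content."""
    root = Path(root)
    root.mkdir(parents=True)
    for name in names:
        (root / name).write_bytes(b"placeholder\n")
    if with_dir:
        (root / TRIGGER_DIR).mkdir()
        (root / TRIGGER_DIR / "item.bin").write_bytes(b"placeholder\n")
    (root / "DCIM").mkdir()
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_media(build_sample_card(Path(tmp) / "card")))
```

A `full-trigger-set` verdict on a card recovered from or near a camera is worth preserving as evidence together with the recorded hashes.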

Affected code

The factory test feature in the firmware of Boyleep K11 / y108 cameras (version v2.3.0.11291) is the vulnerable component. The researcher identified that inserting a crafted microSD card triggers execution of scripts via the factory test mechanism, as detailed in the reference write-up [1].

What the fix does

No patch is published in the bundle. The advisory [1] does not provide a fix; it only documents the vulnerability. The researcher implies that disabling or removing the factory test feature from production firmware would close the attack vector, but no official remediation is available.

Preconditions

  • input: Physical access to the camera's microSD card slot
  • config: Factory test feature must be enabled in the firmware (default on the affected version)

Generated on Jun 15, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

1
