CVE-2026-36933
Received Received - Intake
Arbitrary Code Execution in Boyleep K11 Firmware

Publication date: 2026-06-15

Last updated on: 2026-06-15

Assigner: MITRE

Description
An issue in Boyleep K11, y108 firmware v.2.3.0.11291 allows a physically proximate attacker to execute arbitrary code via the factory test feature.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-15
Last Modified
2026-06-15
Generated
2026-06-16
AI Q&A
2026-06-15
EPSS Evaluated
N/A
NVD
CVE-2026-36933
EUVD
EUVD-2026-36749
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
boyleep k11 2.3.0.11291
ease_life surveillance_camera 2.3.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Boyleep K11, y108 firmware version 2.3.0.11291, specifically in the Ease Life surveillance camera. It allows a physically proximate attacker to execute arbitrary code by exploiting the factory test feature that is enabled by default.

The attacker can insert a microSD card containing specially crafted files into the device. These files interact with the factorytest.sh script and related components such as test.md5sum and auth.ini within the factorytest directory, enabling the attacker to gain root access.

The exploit involves reverse engineering the firmware, extracting it from SPI flash memory, and analyzing the binary to identify insecure factory reset functionality. The camera's weak security posture, including no exposed services and reliance on encrypted firmware updates, makes this vulnerability critical.

Impact Analysis

Successful exploitation of this vulnerability grants an attacker full control over the affected device.

  • The attacker can execute arbitrary commands with root privileges.
  • This can lead to compromise of user privacy by accessing or manipulating video feeds or stored data.
  • It can also compromise network security by using the device as a foothold for further attacks within the network.
Detection Guidance

This vulnerability can be detected by checking if the device has the factory test mode enabled by default and if it is possible to access the factorytest directory on the device's microSD card or storage.

Specifically, detection involves verifying the presence of files such as factorytest.sh, test.md5sum, and auth.ini within the factorytest directory on the device.

Since the exploit requires physical access to insert a microSD card with crafted files, network detection might be limited; however, inspecting the device firmware or filesystem for these components can help identify vulnerability.

Suggested commands (assuming access to the device shell or extracted firmware filesystem):

  • ls /factorytest/ # Check for presence of factorytest.sh, test.md5sum, auth.ini
  • cat /factorytest/factorytest.sh # Review the script for insecure code
  • Check for microSD card insertion and contents if physically accessible.
Mitigation Strategies

Immediate mitigation steps include disabling or removing the factory test feature that is enabled by default on the device.

Physically restricting access to the device to prevent insertion of malicious microSD cards is critical.

If possible, update the device firmware to a version that patches this vulnerability or apply vendor-provided fixes.

Review and remove or secure the factorytest directory and related scripts such as factorytest.sh, test.md5sum, and auth.ini to prevent exploitation.

Monitor the device for any unauthorized physical access or suspicious activity.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-36933. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart