CVE-2025-25680

Severity CVSS v4.0:
Pending analysis
Type:
CWE-94 Code Injection
Publication date:
11/03/2025
Last modified:
21/03/2025

Description

LSC Smart Connect LSC Indoor PTZ Camera 7.6.32 is contains a RCE vulnerability in the tuya_ipc_direct_connect function of the anyka_ipc process. The vulnerability allows arbitrary code execution through the Wi-Fi configuration process when a specially crafted QR code is presented to the camera.