CVE Catalog

CVE-2025-65396

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.19%

8th percentile - higher than 8% of all known CVEs

Summary

A vulnerability in the boot process of Blurams Flare Camera version 24.1114.151.929 and earlier allows a physically proximate attacker to hijack the boot mechanism and gain a bootloader shell via the UART interface. This is achieved by inducing a read error from the SPI flash memory during boot, by shorting a data pin of the IC to ground. An attacker can then dump the entire firmware, leading to the disclosure of sensitive information including cryptographic keys and user configurations.

Risk Assessment

The risk involves physical access to the device enabling full control, potentially leading to theft of sensitive data such as cryptographic keys and configurations, and possible use of the camera for further network attacks.

Recommendation

It is recommended to immediately update the camera firmware to the latest available version if a patch has been released by the vendor. If no update is available, restrict physical access to the device and consider replacing it with a model not affected by this vulnerability.

Original NVD description (English source)

A vulnerability in the boot process of Blurams Flare Camera version 24.1114.151.929 and earlier allows a physically proximate attacker to hijack the boot mechanism and gain a bootloader shell via the UART interface. This is achieved by inducing a read error from the SPI flash memory during the boot, by shorting a data pin of the IC to ground. An attacker can then dump the entire firmware, leading to the disclosure of sensitive information including cryptographic keys and user configurations.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS