CVE-2025-65396
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk8th percentile - higher than 8% of all known CVEs
Summary
A vulnerability in the boot process of Blurams Flare Camera version 24.1114.151.929 and earlier allows a physically proximate attacker to hijack the boot mechanism and gain a bootloader shell via the UART interface. This is achieved by inducing a read error from the SPI flash memory during boot, by shorting a data pin of the IC to ground. An attacker can then dump the entire firmware, leading to the disclosure of sensitive information including cryptographic keys and user configurations.
Risk Assessment
The risk involves physical access to the device enabling full control, potentially leading to theft of sensitive data such as cryptographic keys and configurations, and possible use of the camera for further network attacks.
Recommendation
It is recommended to immediately update the camera firmware to the latest available version if a patch has been released by the vendor. If no update is available, restrict physical access to the device and consider replacing it with a model not affected by this vulnerability.
Original NVD description (English source)
A vulnerability in the boot process of Blurams Flare Camera version 24.1114.151.929 and earlier allows a physically proximate attacker to hijack the boot mechanism and gain a bootloader shell via the UART interface. This is achieved by inducing a read error from the SPI flash memory during the boot, by shorting a data pin of the IC to ground. An attacker can then dump the entire firmware, leading to the disclosure of sensitive information including cryptographic keys and user configurations.

