PT-2026-2920 · Blurams · Blurams Flare Camera

Publicado

2026-01-14

Atualizado

2026-01-15

CVE-2025-65397

CVSS v3.1

6.8

Média

Vetor

AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Blurams Flare Camera versions prior to 24.1114.151.929

Description An insecure authentication mechanism exists in the safe exec.sh startup script. This allows an attacker with physical access to the device to execute arbitrary commands with root privileges. The issue is triggered by providing a maliciously crafted auth.ini file on the device's SD card, specifically when the file /opt/images/public key.der is not present in the file system.

Recommendations Ensure the file /opt/images/public key.der is present in the file system.

Correção

Improper Authentication

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287CWE-20

Identificadores relacionados

CVE-2025-65397

Produtos afetados

Blurams Flare Camera

PT-2026-2920 · Blurams · Blurams Flare Camera

CVE-2025-65397

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7