216.73.216.86

CVE-2025-65396

· Published 14/01/2026 17:16 · Modified 14/01/2026 20:16

Labels: CVE-2025-65396 2026-01-14CVE-2025-65396CWE-119[email protected]

Essential information

Published
14/01/2026 17:16
Modified
14/01/2026 20:16
Author
Creator
CVSS
6.1 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CVSS metrics

Description

A vulnerability in the boot process of Blurams Flare Camera version 24.1114.151.929 and earlier allows a physically proximate attacker to hijack the boot mechanism and gain a bootloader shell via the UART interface. This is achieved by inducing a read error from the SPI flash memory during the boot, by shorting a data pin of the IC to ground. An attacker can then dump the entire firmware, leading to the disclosure of sensitive information including cryptographic keys and user configurations.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
blurams / flare camera cpe:2.3:a:blurams:flare_camera:24.1114.151.929:*:*:*:*:*:*:*
blurams / flare camera cpe:2.3:a:blurams:flare_camera:*:*:*:*:*:*:*:*

References