CVE-2025-65396
A vulnerability in the boot process of Blurams Flare Camera version 24.1114.151.929 and earlier allows a physically proximate attacker to hi
CVSS
6.1
Medio
EPSS
0.2%
p8
KEV
—
Exploit Today
2
0-100
Publicado: 14 ene 2026 · Última mod.: 5 jul 2026 · CWE-119 · CWE-125 · CWE-1274
A vulnerability in the boot process of Blurams Flare Camera version 24.1114.151.929 and earlier allows a physically proximate attacker to hijack the boot mechanism and gain a bootloader shell via the UART interface. This is achieved by inducing a read error from the SPI flash memory during the boot, by shorting a data pin of the IC to ground. An attacker can then dump the entire firmware, leading to the disclosure of sensitive information including cryptographic keys and user configurations.