Blurams Flare Camera Boot Process Vulnerability Allowing Bootloader Access and Firmware Dump
Vulnerability
A vulnerability exists in the boot process of Blurams Flare Camera versions through 24.1114.151.929. It allows a physically proximate attacker to hijack the boot mechanism and access a bootloader shell via the UART interface. This exploitation involves inducing a read error from the SPI flash memory during the boot process by shorting a data pin of the integrated circuit to ground. Once access is gained, an attacker can dump the entire firmware, potentially disclosing sensitive information such as cryptographic keys and user configurations.
Impact
Exploitation of this vulnerability could lead to unauthorized access to the bootloader, allowing for a full firmware dump. This could result in the disclosure of sensitive information, including cryptographic keys and user configurations.
Reproduction
To reproduce this vulnerability, physically access the Blurams Flare Camera and connect to the UART interface. During the boot process, short a data pin of the SPI flash memory integrated circuit to ground. This will induce a read error, disrupting the normal boot sequence. Once the bootloader access is gained, the firmware can be dumped via the UART interface.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.