Blurams Flare Camera Insecure Authentication in Startup Script Allows Root Command Execution
Vulnerability
A vulnerability exists in the safe_exec.sh startup script of Blurams Flare Camera, specifically in versions through 24.1114.151.929. The issue arises from an insecure authentication mechanism that enables an attacker with physical access to the device to execute arbitrary commands with root privileges. This exploitation is possible if the file /opt/images/public_key.der is absent from the file system. The vulnerability can be triggered by placing a maliciously crafted auth.ini file on the device's SD card.
Impact
Exploitation of this vulnerability allows for arbitrary command execution with root privileges on the affected device.
Reproduction
To reproduce this vulnerability, physically access the Blurams Flare Camera running a vulnerable version. Ensure that the file /opt/images/public_key.der is not present on the device. Then, create a malicious auth.ini file and place it on the device's SD card. When the camera is started, the unsafe authentication mechanism will be exploited, allowing arbitrary commands to be executed with root privileges.
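The advisory ties the flaw to what happens when /opt/images/public_key.der is absent. The following is an added example, not Blurams code and not the contents of safe_exec.sh, showing a fail-closed gate in which a missing key is a refusal rather than a reason to skip verification. The detached signature file name (auth.ini.sig), the SHA-256 digest, and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: fail-closed gate for an auth file read from removable media.
# Assumptions (not from the advisory): detached signature at <file>.sig,
# DER-encoded public key, SHA-256 digest, hypothetical function names.

PUBKEY="${PUBKEY:-/opt/images/public_key.der}"

# verify_auth_file AUTH_FILE
# Returns 0 only when the key exists AND the signature verifies.
verify_auth_file() {
    auth="$1"
    sig="$auth.sig"

    # A missing or empty key is a hard failure, never a reason to skip the check.
    if [ ! -s "$PUBKEY" ]; then
        echo "auth: verification key missing, refusing $auth" >&2
        return 1
    fi
    # Accept regular files only; reject symlinks and absent signatures.
    if [ ! -f "$auth" ] || [ -L "$auth" ] || [ ! -f "$sig" ] || [ -L "$sig" ]; then
        echo "auth: $auth or its signature is missing or not a regular file" >&2
        return 1
    fi
    # Any openssl failure (bad signature, bad key, tool missing) is a refusal.
    if ! openssl dgst -sha256 -verify "$PUBKEY" -keyform DER \
            -signature "$sig" "$auth" >/dev/null 2>&1; then
        echo "auth: signature check failed for $auth" >&2
        return 1
    fi
    return 0
}

# process_sd_auth AUTH_FILE HANDLER...
# Runs HANDLER (with AUTH_FILE appended) only after verification succeeds.
process_sd_auth() {
    auth="$1"; shift
    verify_auth_file "$auth" || return 1
    "$@" "$auth"
}
```

The key point is the first branch: with the key file gone, nothing from the SD card is processed at all.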
