Primary

Context

INSTAR 2K+ and 4K Buffer Overflow Vulnerability in FCGI Server Component

Vulnerability

A buffer overflow vulnerability has been identified in the INSTAR 2K+ and 4K series cameras, specifically in version 3.11.1 Build 1124. The issue arises in the FCGI server component, where the 'base64_decode' function improperly handles Base64-encoded HTTP Basic Authentication headers. This vulnerability can be exploited remotely, without authentication, leading to full system compromise since the vulnerable binary runs with root privileges.

Impact

Exploitation of this vulnerability causes a buffer overflow, which can be leveraged for remote code execution. Given that the affected process runs with root privileges, successful exploitation results in complete control over the device.

Remediation

Users are advised to apply the firmware update released by INSTAR, which addresses this vulnerability. Additionally, implementing restrictive firewall rules can help mitigate the risk of exploitation.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

8.4

remediation

0.0

relevance

0.4

threat

4.8

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

8.4

remediation

0.0

relevance

0.4

threat

4.8

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

INSTAR 2K+ and 4K Buffer Overflow Vulnerability in FCGI Server Component

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating