INSTAR 2K+ and 4K UART Interface Improper Physical Access Control Vulnerability

Vulnerability

A vulnerability exists in INSTAR 2K+ and 4K cameras running firmware 3.11.1 Build 1124. The issue arises from an exposed UART debug interface that is reachable with physical access to the device. Through this interface, unauthorized users can interrupt the boot process and access the U-Boot bootloader. From there, boot parameters can be modified to launch a shell with elevated privileges, granting root access without authentication.

Impact

An attacker with physical access to the device can exploit this vulnerability to gain root privileges on it.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 4.6
remediation: 0.0
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.