CVE-2025-8762

INSTAR 2K+/4K UART improper physical access control

CVSS 7 HIGHEPSS 0.2%CWE-1263 CWE-284

In short

INSTAR 2K+ and 4K cameras have a flaw in their UART interface that allows anyone with physical access to the device to bypass security controls. This means someone who can connect directly to the camera's internal ports could gain unauthorized access.

Technical detail

Improper physical access control in the UART interface of INSTAR 2K+/4K 3.11.1 Build 1124 allows local attackers with physical device access to circumvent authentication mechanisms. The vulnerability requires direct connection to exposed UART pins and has been publicly disclosed.

Summary generated and translated by AI from the official description.

A vulnerability was found in INSTAR 2K+ and 4K 3.11.1 Build 1124. This issue affects some unknown processing of the component UART Interface. The manipulation leads to improper physical access control. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used.

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Affected products

INSTAR · 2K+INSTAR · 4K

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://modzero.com/static/MZ-25-03_modzero_INSTAR.pdf https://vuldb.com/?ctiid.319865 https://vuldb.com/?id.319865