CVE-2025-65397

An insecure authentication mechanism in the safeexec.sh startup script of Blurams Flare Camera version 24.1114.151.929 and earlier allows an attacker with physical access to the device to execute arbitrary commands with root privileges, if file /opt/images/publickey.der is not present in the file...

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A multi-threaded conditional contention vulnerability exists in the Huawei HarmonyOS Camera Framework module, which can be exploited by an attacker to cause...

Blurams Flare Camera 安全漏洞

Blurams Flare Camera is a camera from Blurams USA. A security vulnerability exists in Blurams Flare Camera 24.1114.151.929 and earlier versions, which stems from a flaw in the boot process and could lead to the disclosure of sensitive information...

CVE-2025-65396

A vulnerability in the boot process of Blurams Flare Camera version 24.1114.151.929 and earlier allows a physically proximate attacker to hijack the boot mechanism and gain a bootloader shell via the UART interface. This is achieved by inducing a read error from the SPI flash memory during the...

CVE-2025-65397

An insecure authentication mechanism in the safeexec.sh startup script of Blurams Flare Camera version 24.1114.151.929 and earlier allows an attacker with physical access to the device to execute arbitrary commands with root privileges, if file /opt/images/publickey.der is not present in the file...

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A multi-threaded conditional contention vulnerability exists in the Huawei HarmonyOS Camera Framework module, which can be exploited by an attacker to cause...

Blurams Flare Camera 安全漏洞

Blurams Flare Camera is a webcam from Blurams USA. A security vulnerability exists in Blurams Flare Camera 24.1114.151.929 and earlier versions, which stems from an insecure authentication mechanism that could lead to the execution of arbitrary commands...

CVE-2025-65396

A vulnerability in the boot process of Blurams Flare Camera version 24.1114.151.929 and earlier allows a physically proximate attacker to hijack the boot mechanism and gain a bootloader shell via the UART interface. This is achieved by inducing a read error from the SPI flash memory during the...

CVE-2025-65396

Affected product: Blurams Flare Camera (versions 24.1114.151.929 and earlier). Vulnerability cause: In the boot process, a read error from the SPI flash memory is induced by shorting a data pin to ground, allowing a physically proximate attacker to hijack the boot mechanism and gain a bootloader ...

PT-2026-2567

Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability...

PT-2026-2566

Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability...

PT-2026-2920

Name of the Vulnerable Software and Affected Versions Blurams Flare Camera versions prior to 24.1114.151.929 Description An insecure authentication mechanism exists in the safe exec.sh startup script. This allows an attacker with physical access to the device to execute arbitrary commands with ro...

PT-2026-2919

Name of the Vulnerable Software and Affected Versions Blurams Flare Camera versions 24.1114.151.929 and earlier Description A flaw exists in the boot process of the Blurams Flare Camera that allows a nearby attacker to take control of the boot mechanism and obtain a bootloader shell through the...

CVE-2025-65397

An insecure authentication mechanism in the safeexec.sh startup script of Blurams Flare Camera version 24.1114.151.929 and earlier allows an attacker with physical access to the device to execute arbitrary commands with root privileges, if file /opt/images/publickey.der is not present in the file...

CVE-2026-0855 Merit LILIN｜IP Camera - OS Command Injection

Certain IP Camera models developed by Merit LILIN has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device...

CVE-2023-29862

An issue found in Agasio-Camera device version not specified allows a remote attacker to execute arbitrary code via the check and authLevel parameters...

CVE-2023-31996

Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Command Injection due to improper sanitization of special characters for the NAS storage test function...

CVE-2023-31994

Certain Hanwha products are vulnerable to Denial of Service DoS. ck vector is: When an empty UDP packet is sent to the listening service, the service thread results in a non-functional service DoS via WS Discovery and Hanwha proprietary discovery services. This affects IP Camera ANE-L7012R 1.41.0...

CVE-2023-31995

Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Cross Site Scripting XSS...

CVE-2025-66050

Vivotek IP7137 camera with firmware version 0200a by default dos not require to provide any password when logging in as an administrator. While it is possible to set up such a password, a user is not informed about such a need. The vendor has not replied to the CNA. Possibly all firmware versions...