An issue in Blurams Lumi Security Camera (A31C) v23.0406.435.4120 allows attackers to execute arbitrary code.
The vulnerability classified as CWE-94 (code injection) allows an attacker to inject and execute arbitrary code on the vulnerable device. The attack can be conducted remotely over the network without requiring privileges or user interaction. Publicly available PoC (proof-of-concept) code confirms the feasibility of practical exploitation of the vulnerability.
An attacker can take full control of the device, gaining access to the camera's video and audio streams, and potentially using it as an entry point to the local network. Loss of confidentiality, integrity, and availability of the system is possible.
Patches available from the manufacturer should be applied according to the references. Until an update is applied, it is recommended to isolate the device from the public network and restrict access to it only from trusted local network segments.
Blurams Lumi Security Camera A31C with firmware version v23.0406.435.4120
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HBlurams Lumi Security Camera A31c
HWBluramswszystkie wersjeBlurams Lumi Security Camera A31c Firmware
OSBlurams23.0406.435.412
Related vulnerabilities
An issue in Blurams Lumi Security Camera (A31C) v.2.3.38.12558 allows a physically proximate attackers to exec...
A vulnerability in the boot process of Blurams Flare Camera version 24.1114.151.929 and earlier allows a physi...
An insecure authentication mechanism in the safe_exec.sh startup script of Blurams Flare Camera version 24.111...
An issue in Blurams Lumi Security Camera (A31C) v23.1227.472.2926 allows local physical attackers to execute a...