CVE-2025-8762 | THREATINT

Description

A vulnerability was found in INSTAR 2K+ and 4K 3.11.1 Build 1124. This issue affects some unknown processing of the component UART Interface. The manipulation leads to improper physical access control. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used.

Davon betroffen ist unbekannter Code der Komponente UART Interface. Durch das Manipulieren mit unbekannten Daten kann eine improper physical access control-Schwachstelle ausgenutzt werden. Ein Angriff setzt physischen Zugriff auf dem Zielobjekt voraus. Der Exploit steht zur öffentlichen Verfügung.

PUBLISHED Reserved 2025-08-08 | Published 2025-08-13 | Updated 2025-08-13 | Assigner VulDB

HIGH: 7.0CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

MEDIUM: 6.8CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

MEDIUM: 6.8CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

7.2AV:L/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:ND/RC:UR

Problem types

Improper Physical Access Control

Improper Access Controls

Product status

3.11.1 Build 1124

affected

3.11.1 Build 1124

affected

Timeline

2025-08-13:	Advisory disclosed
2025-08-13:	VulDB entry created
2025-08-13:	VulDB entry last update

Credits

Michael Imfeld (modzero AG) finder

References

vuldb.com/?id.319865 (VDB-319865 | INSTAR 2K+/4K UART improper physical access control) vdb-entry

vuldb.com/?ctiid.319865 (VDB-319865 | CTI Indicators (IOB, IOC)) signature permissions-required

modzero.com/static/MZ-25-03_modzero_INSTAR.pdf exploit

cve.org (CVE-2025-8762)

nvd.nist.gov (CVE-2025-8762)

Download JSON