{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-8762", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-08-08T15:37:37.719Z", "datePublished": "2025-08-13T06:14:04.487Z", "dateUpdated": "2025-08-13T13:30:21.695Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-08-13T06:14:04.487Z"}, "title": "INSTAR 2K+/4K UART improper physical access control", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-1263", "lang": "en", "description": "Improper Physical Access Control"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "Improper Access Controls"}]}], "affected": [{"vendor": "INSTAR", "product": "2K+", "versions": [{"version": "3.11.1 Build 1124", "status": "affected"}], "modules": ["UART Interface"]}, {"vendor": "INSTAR", "product": "4K", "versions": [{"version": "3.11.1 Build 1124", "status": "affected"}], "modules": ["UART Interface"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in INSTAR 2K+ and 4K 3.11.1 Build 1124. This issue affects some unknown processing of the component UART Interface. The manipulation leads to improper physical access control. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used."}, {"lang": "de", "value": "Davon betroffen ist unbekannter Code der Komponente UART Interface. Durch das Manipulieren mit unbekannten Daten kann eine improper physical access control-Schwachstelle ausgenutzt werden. Ein Angriff setzt physischen Zugriff auf dem Zielobjekt voraus. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 7, "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "baseSeverity": "HIGH"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.8, "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.8, "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2025-08-13T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-08-13T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-08-13T08:18:26.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Michael Imfeld (modzero AG)", "type": "finder"}], "references": [{"url": "https://vuldb.com/?id.319865", "name": "VDB-319865 | INSTAR 2K+/4K UART improper physical access control", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.319865", "name": "VDB-319865 | CTI Indicators (IOB, IOC)", "tags": ["signature", "permissions-required"]}, {"url": "https://modzero.com/static/MZ-25-03_modzero_INSTAR.pdf", "tags": ["exploit"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-13T13:30:16.418304Z", "id": "CVE-2025-8762", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-13T13:30:21.695Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-8762", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-08-13T13:30:16.418304Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-13T13:30:18.564Z"}}], "cna": {"title": "INSTAR 2K+/4K UART improper physical access control", "credits": [{"lang": "en", "type": "finder", "value": "Michael Imfeld (modzero AG)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "INSTAR", "modules": ["UART Interface"], "product": "2K+", "versions": [{"status": "affected", "version": "3.11.1 Build 1124"}]}, {"vendor": "INSTAR", "modules": ["UART Interface"], "product": "4K", "versions": [{"status": "affected", "version": "3.11.1 Build 1124"}]}], "timeline": [{"lang": "en", "time": "2025-08-13T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-08-13T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-08-13T08:18:26.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.319865", "name": "VDB-319865 | INSTAR 2K+/4K UART improper physical access control", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.319865", "name": "VDB-319865 | CTI Indicators (IOB, IOC)", "tags": ["signature", "permissions-required"]}, {"url": "https://modzero.com/static/MZ-25-03_modzero_INSTAR.pdf", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in INSTAR 2K+ and 4K 3.11.1 Build 1124. This issue affects some unknown processing of the component UART Interface. The manipulation leads to improper physical access control. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used."}, {"lang": "de", "value": "Davon betroffen ist unbekannter Code der Komponente UART Interface. Durch das Manipulieren mit unbekannten Daten kann eine improper physical access control-Schwachstelle ausgenutzt werden. Ein Angriff setzt physischen Zugriff auf dem Zielobjekt voraus. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1263", "description": "Improper Physical Access Control"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "Improper Access Controls"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-08-13T06:14:04.487Z"}}}, "cveMetadata": {"cveId": "CVE-2025-8762", "state": "PUBLISHED", "dateUpdated": "2025-08-13T13:30:21.695Z", "dateReserved": "2025-08-08T15:37:37.719Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-08-13T06:14:04.487Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in INSTAR 2K+ and 4K 3.11.1 Build 1124. This issue affects some unknown processing of the component UART Interface. The manipulation leads to improper physical access control. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en INSTAR 2K+ y 4K 3.11.1 Build 1124. Este problema afecta a un procesamiento desconocido de la interfaz UART del componente. La manipulaci\u00f3n provoca un control de acceso f\u00edsico inadecuado. Es posible lanzar el ataque al dispositivo f\u00edsico. Se ha hecho p\u00fablico el exploit y puede que sea utilizado."}], "id": "CVE-2025-8762", "lastModified": "2025-08-13T17:33:46.673", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "PHYSICAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-08-13T07:15:30.763", "references": [{"source": "cna@vuldb.com", "url": "https://modzero.com/static/MZ-25-03_modzero_INSTAR.pdf"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.319865"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.319865"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}, {"lang": "en", "value": "CWE-1263"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{}