Saved February 14, 2026
Do you care about this?
This article details the process of finding and exploiting a vulnerability in the IN-8401 2K+ IP camera. The author describes steps from firmware extraction to building an ARM ROP chain for unauthenticated remote code execution. It highlights the importance of proper debugging and analysis methods in discovering security flaws.
If you do, here's more
The author details their exploration into a vulnerability in the INSTAR IN-8401 2K+ IP camera, which is part of a larger series of devices with similar firmware. The process began with accessing the camera’s firmware through a UART interface, which allowed the author to gain root access. After extracting the entire filesystem, they mapped out the attack surface, focusing on the web server components, particularly `fcgi_server` and `ipc_server`, both of which could be reached without authentication.
The analysis revealed that `fcgi_server` acted as middleware, forwarding requests to `ipc_server`, which handled authentication and application logic. The author used fuzzing and reverse engineering to search for vulnerabilities, leading to the discovery of CVE-2025-87614. They used tools like GDB, boofuzz, and strace for debugging and dynamic analysis. The findings pointed to a series of handler functions that could potentially be exploited because they handled authentication data improperly, a significant step towards unauthenticated remote code execution (RCE) on the device.