geo-chen

42 exploits Active since Feb 2025
CVE-2024-56897 WRITEUP CRITICAL WRITEUP
YI Car Dashcam <3.88 - Info Disclosure
Improper access control in the HTTP server in YI Car Dashcam v3.88 allows unrestricted file downloads, uploads, and API commands. API commands can also be made to make unauthorized modifications to the device settings, such as disabling recording, disabling sounds, factory reset.
CVSS 9.8
CVE-2025-11942 WRITEUP HIGH WRITEUP
70mai X200 Firmware < 2025-10-10 - Improper Authentication in Pairing
A flaw has been found in 70mai X200 up to 20251010. Affected is an unknown function of the component Pairing. Executing manipulation can lead to missing authentication. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 7.3
CVE-2025-11943 WRITEUP HIGH WRITEUP
70mai X200 <20251010 - Default Credentials
A vulnerability has been found in 70mai X200 up to 20251010. Affected by this vulnerability is an unknown functionality of the component HTTP Web Server. The manipulation leads to use of default credentials. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 7.3
CVE-2025-2119 WRITEUP LOW WRITEUP
Thinkware Car Dashcam F800 Pro <20250226 - Default Credentials
A vulnerability was found in Thinkware Car Dashcam F800 Pro up to 20250226. It has been declared as problematic. This vulnerability affects unknown code of the component Device Registration Handler. The manipulation leads to use of default credentials. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 2.0
CVE-2025-2120 WRITEUP LOW WRITEUP
Thinkware Car Dashcam F800 Pro <20250226 - Info Disclosure
A vulnerability was found in Thinkware Car Dashcam F800 Pro up to 20250226. It has been rated as problematic. This issue affects some unknown processing of the file /tmp/hostapd.conf of the component Configuration File Handler. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 2.1
CVE-2025-2121 WRITEUP MEDIUM WRITEUP
Thinkware Car Dashcam F800 Pro <20250226 - Info Disclosure
A vulnerability classified as critical has been found in Thinkware Car Dashcam F800 Pro up to 20250226. Affected is an unknown function of the component File Storage. The manipulation leads to improper access controls. The attack can only be done within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 6.3
CVE-2025-2122 WRITEUP LOW WRITEUP
Thinkware Car Dashcam F800 Pro <20250226 - DoS
A vulnerability classified as problematic was found in Thinkware Car Dashcam F800 Pro up to 20250226. Affected by this vulnerability is an unknown functionality of the component Connection Handler. The manipulation leads to denial of service. The attack can only be initiated within the local network. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 3.1
CVE-2025-2345 WRITEUP CRITICAL WRITEUP
IROAD Dash Cam X5-X6 <20250308 - Auth Bypass
A vulnerability, which was classified as very critical, was found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. This affects an unknown part. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 9.8
CVE-2025-2355 WRITEUP LOW WRITEUP
BlackVue App 3.65 - Info Disclosure
A vulnerability was found in BlackVue App 3.65 on Android and classified as problematic. Affected by this issue is some unknown functionality of the component API Endpoint Handler. The manipulation of the argument BCS_TOKEN/SECRET_KEY leads to unprotected storage of credentials. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 3.3
CVE-2025-2356 WRITEUP LOW WRITEUP
BlackVue App 3.65 - Sensitive Query String Exposure via API Handler
A vulnerability was found in BlackVue App 3.65 on Android. It has been classified as problematic. This affects the function deviceDelete of the component API Handler. The manipulation leads to use of get request method with sensitive query strings. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 3.7
CVE-2025-2555 WRITEUP LOW WRITEUP
Audi Universal Traffic Recorder App <2.89-2.90 - Hard-Coded Password
A vulnerability classified as problematic has been found in Audi Universal Traffic Recorder App 2.0. Affected is an unknown function of the component FTP Credentials. The manipulation leads to use of hard-coded password. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.89 and 2.90 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early about these issues and acted very professional. Version 2.89 is fixing this issue for new customers and 2.90 is going to fix it for existing customers.
CVSS 2.9
CVE-2025-2556 WRITEUP MEDIUM WRITEUP
Audi UTR Dashcam <2.89-2.90 - Info Disclosure
A vulnerability classified as problematic was found in Audi UTR Dashcam 2.0. Affected by this vulnerability is an unknown functionality of the component Video Stream Handler. The manipulation leads to hard-coded credentials. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. Upgrading to version 2.89 and 2.90 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early about these issues and acted very professional. Version 2.89 is fixing this issue for new customers and 2.90 is going to fix it for existing customers.
CVSS 4.3
CVE-2025-2557 WRITEUP MEDIUM WRITEUP
Audi UTR Dashcam <2.89-2.90 - Improper Access Controls
A vulnerability, which was classified as critical, has been found in Audi UTR Dashcam 2.0. Affected by this issue is some unknown functionality of the component Command API. The manipulation leads to improper access controls. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. Upgrading to version 2.89 and 2.90 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early about these issues and acted very professional. Version 2.89 is fixing this issue for new customers and 2.90 is going to fix it for existing customers.
CVSS 5.5
CVE-2025-30109 WRITEUP MEDIUM WRITEUP
IROAD APK 5.2.5 - Use of Hard-coded Credentials
In the IROAD APK 5.2.5, there are Hardcoded Credentials in the APK for ports 9091 and 9092. The mobile application for the dashcam contains hardcoded credentials that allow an attacker on the local Wi-Fi network to access API endpoints and retrieve sensitive device information, including live and recorded footage.
CVSS 6.5
CVE-2025-30110 WRITEUP MEDIUM WRITEUP
IROAD X5 - Authentication Bypass via MAC Address Spoofing
On IROAD X5 devices, a Bypass of Device Pairing can occur via MAC Address Spoofing. The dashcam's pairing mechanism relies solely on MAC address verification, allowing an attacker to bypass authentication by spoofing an already-paired MAC address that can be captured via an ARP scan.
CVSS 6.5
CVE-2025-30111 WRITEUP HIGH WRITEUP
IROAD v9 - Unauthenticated Video Footage and Live Stream Access
On IROAD v9 devices, one can Remotely Dump Video Footage and the Live Video Stream. The dashcam exposes endpoints that allow unauthorized users, who gained access through other means, to list and download recorded videos, as well as access live video streams without proper authentication.
CVSS 7.5
CVE-2025-30112 WRITEUP HIGH WRITEUP
70mai Dash Cam 1S - Unauthenticated Authentication Bypass via Direct Network API Access
On 70mai Dash Cam 1S devices, by connecting directly to the dashcam's network and accessing the API on port 80 and RTSP on port 554, an attacker can bypass the device authorization mechanism from the official mobile app that requires a user to physically press on the power button during a connection.
CVSS 7.1
CVE-2025-30113 WRITEUP CRITICAL WRITEUP
Forvia Hella HELLA Driving Recorder DR 820 - Info Disclosure
An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Hardcoded Credentials exist in the APK for Ports 9091 and 9092. The dashcam's Android application contains hardcoded credentials that allow unauthorized access to device settings through ports 9091 and 9092. These credentials, stored in cleartext, can be exploited by an attacker who gains access to the dashcam's network.
CVSS 9.8
CVE-2025-30114 WRITEUP CRITICAL WRITEUP
Forvia Hella HELLA Driving Recorder DR 820 - Auth Bypass
An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Bypassing of Device Pairing can occur. The pairing mechanism relies solely on the connecting device's MAC address. By obtaining the MAC address through network scanning and spoofing it, an attacker can bypass the authentication process and gain full access to the dashcam's features without proper authorization.
CVSS 9.1
CVE-2025-30115 WRITEUP CRITICAL WRITEUP
Forvia Hella HELLA Driving Recorder DR 820 - Info Disclosure
An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Default Credentials Cannot Be Changed. It uses a fixed default SSID and password ("qwertyuiop"), which cannot be modified by users. The SSID is continuously broadcast, allowing unauthorized access to the device network.
CVSS 9.8
CVE-2025-30116 WRITEUP HIGH WRITEUP
Forvia Hella HELLA Driving Recorder DR 820 - Info Disclosure
An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Remotely Dumping of Video Footage and the Live Video Stream can occur. It allows remote attackers to access and download recorded video footage from the SD card via port 9091. Additionally, attackers can connect to port 9092 to stream the live video feed by bypassing the challenge-response authentication mechanism. This exposes sensitive location and personal data.
CVSS 7.5
CVE-2025-30117 WRITEUP HIGH WRITEUP
Forvia Hella HELLA Driving Recorder DR 820 - Info Disclosure
An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Managing Settings and Obtaining Sensitive Data and Sabotaging the Car Battery can be performed by unauthorized parties. After bypassing the device pairing, an attacker can obtain sensitive user and vehicle information through the settings interface. Remote attackers can modify power management settings, disable recording, delete stored footage, and turn off battery protection, leading to potential denial-of-service conditions and vehicle battery drainage.
CVSS 7.3
CVE-2025-30118 WRITEUP HIGH WRITEUP
Audi Universal Traffic Recorder 2.88 - DoS
An issue was discovered on the Audi Universal Traffic Recorder 2.88. It has Susceptibility to denial of service. It uses the same default credentials for all devices and does not implement proper multi-device authentication, allowing attackers to deny the owner access by occupying the only available connection. The SSID remains broadcast at all times, increasing exposure to potential attacks.
CVSS 7.5
CVE-2025-30124 WRITEUP CRITICAL WRITEUP
Marbella KR8s Dashcam FF 2.0.8 - Info Disclosure
An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. When a new SD card is inserted into the dashcam, the existing password is written onto the SD card in cleartext automatically. An attacker with temporary access to the dashcam can switch the SD card to steal this password.
CVSS 9.8
CVE-2025-30125 WRITEUP CRITICAL WRITEUP
Marbella KR8s Dashcam FF <2.0.8 - Info Disclosure
An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. All dashcams were shipped with the same default credentials of 12345678, which creates an insecure-by-default condition. For users who change their passwords, it's limited to 8 characters. These short passwords can be cracked in 8 hours via low-end commercial cloud resources.
CVSS 9.8