CVE-2025-30115

CRITICAL

Forvia Hella HELLA Driving Recorder DR 820 - Info Disclosure

Title source: llm

Description

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Default Credentials Cannot Be Changed. It uses a fixed default SSID and password ("qwertyuiop"), which cannot be modified by users. The SSID is continuously broadcast, allowing unauthorized access to the device network.

References (2)

[Third Party Advisory] https://github.com/geo-chen/Hella

View Writeup ZIP pw:eip

[Permissions Required] https://medium.com/@geochen/cve-draft-hella-driving-recorder-dr-820-ff8c4e2cca26

Scores

CVSS v3 9.8

EPSS 0.0016

EPSS Percentile 36.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-259

Status published

Products (1)

hella/dr_820_firmware

Published Mar 18, 2025

Tracked Since Feb 18, 2026