CVE-2025-30115

CRITICAL

Forvia Hella HELLA Driving Recorder DR 820 - Info Disclosure

Title source: llm

Description

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Default Credentials Cannot Be Changed. It uses a fixed default SSID and password ("qwertyuiop"), which cannot be modified by users. The SSID is continuously broadcast, allowing unauthorized access to the device network.

References (2)

Core 2

Core References

Third Party Advisory

https://github.com/geo-chen/Hella

View Writeup ZIP pw:eip

Permissions Required

https://medium.com/@geochen/cve-draft-hella-driving-recorder-dr-820-ff8c4e2cca26

Scores

CVSS v3 9.8

EPSS 0.0039

EPSS Percentile 30.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-259

Status published

Products (1)

hella/dr_820_firmware

Published Mar 18, 2025

Tracked Since Feb 18, 2026