CVE-2025-30124

CRITICAL

Marbella KR8s Dashcam FF 2.0.8 - Info Disclosure

Title source: llm

Description

An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. When a new SD card is inserted into the dashcam, the existing password is written onto the SD card in cleartext automatically. An attacker with temporary access to the dashcam can switch the SD card to steal this password.

References (4)

Core 4

Core References

Various Sources

https://geochen.medium.com/marbella-dashcam-ab40ca41adec

Various Sources

https://github.com/geo-chen/Marbella/

View Writeup ZIP pw:eip

Various Sources

https://github.com/geo-chen/Marbella/blob/main/README.md#finding-4---cve-2025-30124-passwords-are-stored-in-plaintext-and-can-be-retrieved-with-physical-contact

View Writeup ZIP pw:eip

Various Sources

https://makagps.com/

Scores

CVSS v3 9.8

EPSS 0.0027

EPSS Percentile 18.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-312

Status published

Published Jul 28, 2025

Tracked Since Feb 18, 2026