CVE-2025-30124

CRITICAL

Marbella KR8s Dashcam FF 2.0.8 - Info Disclosure

Title source: llm

Description

An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. When a new SD card is inserted into the dashcam, the existing password is written onto the SD card in cleartext automatically. An attacker with temporary access to the dashcam can switch the SD card to steal this password.

References (4)

[Various Sources] https://geochen.medium.com/marbella-dashcam-ab40ca41adec

[Various Sources] https://github.com/geo-chen/Marbella/

View Writeup ZIP pw:eip

[Various Sources] https://github.com/geo-chen/Marbella/blob/main/README.md#finding-4---cve-2025-30124-passwords-are-stored-in-plaintext-and-can-be-retrieved-with-physical-contact

[Various Sources] https://makagps.com/

Scores

CVSS v3 9.8

EPSS 0.0007

EPSS Percentile 21.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-312

Status published

Published Jul 28, 2025

Tracked Since Feb 18, 2026