4.6

CVE-2025-2120

Exploit
A vulnerability was found in Thinkware Car Dashcam F800 Pro up to 20250226. It has been rated as problematic. This issue affects some unknown processing of the file /tmp/hostapd.conf of the component Configuration File Handler. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ThinkwareF800 Pro Firmware Version-
   ThinkwareF800 Pro Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.01% 0.012
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.6 0.9 3.6
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cna@vuldb.com 2.4 0 0
CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com 2.1 0.7 1.4
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
cna@vuldb.com 1.7 3.1 2.9
AV:L/AC:L/Au:S/C:P/I:N/A:N
CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

CWE-313 Cleartext Storage in a File or on Disk

The product stores sensitive information in cleartext in a file, or on disk.

https://github.com/geo-chen/Thinkware-Dashcam
Third Party Advisory
Exploit
https://vuldb.com/?ctiid.299033
VDB Entry
Permissions Required
https://vuldb.com/?id.299033
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.507327
Third Party Advisory
VDB Entry