9.8

CVE-2025-30113

EPSS 0.18%
Veröffentlicht 18.03.2025 00:00:00
Zuletzt bearbeitet 22.05.2025 19:51:06
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Hardcoded Credentials exist in the APK for Ports 9091 and 9092. The dashcam's Android application contains hardcoded credentials that allow unauthorized access to device settings through ports 9091 and 9092. These credentials, stored in cleartext, can be exploited by an attacker who gains access to the dashcam's network.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hella ≫ Dr 820 Firmware Version-

Hella ≫ Dr 820 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.18%	0.393

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://medium.com/@geochen/cve-draft-hella-driving-recorder-dr-820-ff8c4e2cca26

Permissions Required

https://github.com/geo-chen/Hella

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-30113

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-30113

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-30113

EUVD