7.5

CVE-2025-30116

EPSS 0.34%
Veröffentlicht 18.03.2025 00:00:00
Zuletzt bearbeitet 22.05.2025 19:43:13
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Remotely Dumping of Video Footage and the Live Video Stream can occur. It allows remote attackers to access and download recorded video footage from the SD card via port 9091. Additionally, attackers can connect to port 9092 to stream the live video feed by bypassing the challenge-response authentication mechanism. This exposes sensitive location and personal data.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hella ≫ Dr 820 Firmware Version-

Hella ≫ Dr 820 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.34%	0.562

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://medium.com/@geochen/cve-draft-hella-driving-recorder-dr-820-ff8c4e2cca26

Permissions Required

https://github.com/geo-chen/Hella

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-30116

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-30116

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-30116

EUVD