CVE-2025-30135

EPSS 0.08%
Veröffentlicht 25.07.2025 00:00:00
Zuletzt bearbeitet 06.11.2025 20:23:29
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered on IROAD Dashcam FX2 devices. Dumping Files Over HTTP and RTSP Without Authentication can occur. It lacks authentication controls on its HTTP and RTSP interfaces, allowing attackers to retrieve sensitive files and video recordings. By connecting to http://192.168.10.1/mnt/extsd/event/, an attacker can download all stored video recordings in an unencrypted manner. Additionally, the RTSP stream on port 8554 is accessible without authentication, allowing an attacker to view live footage.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Iroadau ≫ Fx2 Firmware Version-

Iroadau ≫ Fx2 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.233

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.4	3.9	5.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://github.com/geo-chen/IROAD?tab=readme-ov-file#finding-8-dumping-files-over-http-and-rtsp-without-authentication

Third Party Advisory

https://www.iroadau.com.au/downloads/

Product

https://github.com/geo-chen/IROAD?tab=readme-ov-file#finding-13---cve-2025-30135-locking-owner-out-of-device-dos

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-30135

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-30135

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-30135

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-30135