Search criteria
10 vulnerabilities found for Dash Cam X5 by IROAD
CVE-2025-2346 (GCVE-0-2025-2346)
Vulnerability from cvelistv5 – Published: 2025-03-16 20:00 – Updated: 2025-03-17 13:48
VLAI?
Title
IROAD Dash Cam X5/Dash Cam X6 Domain origin validation
Summary
A vulnerability has been found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308 and classified as problematic. This vulnerability affects unknown code of the component Domain Handler. The manipulation of the argument Domain Name leads to origin validation error. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult.
Severity ?
5.6 (Medium)
5.6 (Medium)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IROAD | Dash Cam X5 |
Affected:
20250308
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2346",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-17T13:47:59.364404Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T13:48:27.831Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Domain Handler"
],
"product": "Dash Cam X5",
"vendor": "IROAD",
"versions": [
{
"status": "affected",
"version": "20250308"
}
]
},
{
"modules": [
"Domain Handler"
],
"product": "Dash Cam X6",
"vendor": "IROAD",
"versions": [
{
"status": "affected",
"version": "20250308"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308 and classified as problematic. This vulnerability affects unknown code of the component Domain Handler. The manipulation of the argument Domain Name leads to origin validation error. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult."
},
{
"lang": "de",
"value": "In IROAD Dash Cam X5 and Dash Cam X6 bis 20250308 wurde eine problematische Schwachstelle gefunden. Betroffen ist eine unbekannte Verarbeitung der Komponente Domain Handler. Durch das Manipulieren des Arguments Domain Name mit unbekannten Daten kann eine origin validation error-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Das Ausnutzen gilt als schwierig."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.1,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-16T20:00:11.895Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-299812 | IROAD Dash Cam X5/Dash Cam X6 Domain origin validation",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.299812"
},
{
"name": "VDB-299812 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.299812"
},
{
"tags": [
"related"
],
"url": "https://github.com/geo-chen/IROAD?tab=readme-ov-file#finding-6-public-domain-used-for-internal-domain-name"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-15T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-15T19:27:55.000Z",
"value": "VulDB entry last update"
}
],
"title": "IROAD Dash Cam X5/Dash Cam X6 Domain origin validation"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2346",
"datePublished": "2025-03-16T20:00:11.895Z",
"dateReserved": "2025-03-15T18:22:30.453Z",
"dateUpdated": "2025-03-17T13:48:27.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2345 (GCVE-0-2025-2345)
Vulnerability from cvelistv5 – Published: 2025-03-16 18:31 – Updated: 2025-03-17 14:06
VLAI?
Title
IROAD Dash Cam X5/Dash Cam X6 improper authorization
Summary
A vulnerability, which was classified as very critical, was found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. This affects an unknown part. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
9.8 (Critical)
9.8 (Critical)
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IROAD | Dash Cam X5 |
Affected:
20250308
|
|||||||
|
|||||||||
Credits
geochen (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2345",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-17T14:06:01.990807Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T14:06:09.191Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Dash Cam X5",
"vendor": "IROAD",
"versions": [
{
"status": "affected",
"version": "20250308"
}
]
},
{
"product": "Dash Cam X6",
"vendor": "IROAD",
"versions": [
{
"status": "affected",
"version": "20250308"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "geochen (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as very critical, was found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. This affects an unknown part. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine sehr kritische Schwachstelle in IROAD Dash Cam X5 and Dash Cam X6 bis 20250308 gefunden. Hiervon betroffen ist ein unbekannter Codeblock. Mittels Manipulieren mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 10,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-16T18:31:04.588Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-299811 | IROAD Dash Cam X5/Dash Cam X6 improper authorization",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.299811"
},
{
"name": "VDB-299811 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.299811"
},
{
"name": "Submit #516883 | IROAD Dashcam X series (X5, X6, etc) Improperly Preserved Integrity of Hardware Configuration State D",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.516883"
},
{
"tags": [
"related"
],
"url": "https://github.com/geo-chen/IROAD/blob/main/README.md#finding-5-managing-settings-to-obtain-sensitive-data-and-sabotaging-car-battery"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-15T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-15T19:27:54.000Z",
"value": "VulDB entry last update"
}
],
"title": "IROAD Dash Cam X5/Dash Cam X6 improper authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2345",
"datePublished": "2025-03-16T18:31:04.588Z",
"dateReserved": "2025-03-15T18:22:27.582Z",
"dateUpdated": "2025-03-17T14:06:09.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2344 (GCVE-0-2025-2344)
Vulnerability from cvelistv5 – Published: 2025-03-16 18:00 – Updated: 2025-03-17 14:17
VLAI?
Title
IROAD Dash Cam X5/Dash Cam X6 API Endpoint missing authentication
Summary
A vulnerability, which was classified as critical, has been found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. Affected by this issue is some unknown functionality of the component API Endpoint. The manipulation leads to missing authentication. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
5.3 (Medium)
5.3 (Medium)
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IROAD | Dash Cam X5 |
Affected:
20250308
|
|||||||
|
|||||||||
Credits
geochen (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2344",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-17T14:17:05.273310Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T14:17:13.638Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"API Endpoint"
],
"product": "Dash Cam X5",
"vendor": "IROAD",
"versions": [
{
"status": "affected",
"version": "20250308"
}
]
},
{
"modules": [
"API Endpoint"
],
"product": "Dash Cam X6",
"vendor": "IROAD",
"versions": [
{
"status": "affected",
"version": "20250308"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "geochen (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. Affected by this issue is some unknown functionality of the component API Endpoint. The manipulation leads to missing authentication. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in IROAD Dash Cam X5 and Dash Cam X6 bis 20250308 entdeckt. Davon betroffen ist unbekannter Code der Komponente API Endpoint. Mittels dem Manipulieren mit unbekannten Daten kann eine missing authentication-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "Missing Authentication",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-16T18:00:07.198Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-299810 | IROAD Dash Cam X5/Dash Cam X6 API Endpoint missing authentication",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.299810"
},
{
"name": "VDB-299810 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.299810"
},
{
"name": "Submit #516882 | IROAD Dashcam X series (X5, X6, etc) Missing Authentication",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.516882"
},
{
"tags": [
"related"
],
"url": "https://github.com/geo-chen/IROAD#finding-4-remotely-dump-video-footage-and-live-video-stream"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-15T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-15T19:27:53.000Z",
"value": "VulDB entry last update"
}
],
"title": "IROAD Dash Cam X5/Dash Cam X6 API Endpoint missing authentication"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2344",
"datePublished": "2025-03-16T18:00:07.198Z",
"dateReserved": "2025-03-15T18:22:24.835Z",
"dateUpdated": "2025-03-17T14:17:13.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2343 (GCVE-0-2025-2343)
Vulnerability from cvelistv5 – Published: 2025-03-16 17:31 – Updated: 2025-03-17 14:17
VLAI?
Title
IROAD Dash Cam X5/Dash Cam X6 Device Pairing hard-coded credentials
Summary
A vulnerability classified as critical was found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. Affected by this vulnerability is an unknown functionality of the component Device Pairing. The manipulation leads to hard-coded credentials. Access to the local network is required for this attack to succeed. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IROAD | Dash Cam X5 |
Affected:
20250308
|
|||||||
|
|||||||||
Credits
geochen (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2343",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-17T14:17:39.884417Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T14:17:49.548Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Device Pairing"
],
"product": "Dash Cam X5",
"vendor": "IROAD",
"versions": [
{
"status": "affected",
"version": "20250308"
}
]
},
{
"modules": [
"Device Pairing"
],
"product": "Dash Cam X6",
"vendor": "IROAD",
"versions": [
{
"status": "affected",
"version": "20250308"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "geochen (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. Affected by this vulnerability is an unknown functionality of the component Device Pairing. The manipulation leads to hard-coded credentials. Access to the local network is required for this attack to succeed. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In IROAD Dash Cam X5 and Dash Cam X6 bis 20250308 wurde eine kritische Schwachstelle entdeckt. Hierbei betrifft es unbekannten Programmcode der Komponente Device Pairing. Durch Manipulation mit unbekannten Daten kann eine hard-coded credentials-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff im lokalen Netzwerk. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.8,
"vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "Use of Hard-coded Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-16T17:31:04.395Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-299809 | IROAD Dash Cam X5/Dash Cam X6 Device Pairing hard-coded credentials",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.299809"
},
{
"name": "VDB-299809 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.299809"
},
{
"name": "Submit #516881 | IROAD Dashcam X series Authentication Bypass by Primary Weakness",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.516881"
},
{
"tags": [
"related"
],
"url": "https://github.com/geo-chen/IROAD#finding-3-bypassing-of-device-pairing-cwe-798-for-iroad-x-series"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-15T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-15T19:27:50.000Z",
"value": "VulDB entry last update"
}
],
"title": "IROAD Dash Cam X5/Dash Cam X6 Device Pairing hard-coded credentials"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2343",
"datePublished": "2025-03-16T17:31:04.395Z",
"dateReserved": "2025-03-15T18:22:22.068Z",
"dateUpdated": "2025-03-17T14:17:49.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2341 (GCVE-0-2025-2341)
Vulnerability from cvelistv5 – Published: 2025-03-16 14:31 – Updated: 2025-03-17 14:21
VLAI?
Title
IROAD Dash Cam X5 SSID default credentials
Summary
A vulnerability was found in IROAD Dash Cam X5 up to 20250203. It has been rated as problematic. This issue affects some unknown processing of the component SSID. The manipulation leads to use of default credentials. The attack needs to be initiated within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
CWE
- CWE-1392 - Use of Default Credentials
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IROAD | Dash Cam X5 |
Affected:
20250203
|
Credits
geochen (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2341",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-17T14:21:14.668036Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T14:21:20.714Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"SSID"
],
"product": "Dash Cam X5",
"vendor": "IROAD",
"versions": [
{
"status": "affected",
"version": "20250203"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "geochen (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in IROAD Dash Cam X5 up to 20250203. It has been rated as problematic. This issue affects some unknown processing of the component SSID. The manipulation leads to use of default credentials. The attack needs to be initiated within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in IROAD Dash Cam X5 bis 20250203 ausgemacht. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Komponente SSID. Mit der Manipulation mit unbekannten Daten kann eine use of default credentials-Schwachstelle ausgenutzt werden. Der Angriff kann im lokalen Netzwerk passieren. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Die Ausnutzbarkeit gilt als schwierig. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.8,
"vectorString": "AV:A/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1392",
"description": "Use of Default Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-16T14:31:04.416Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-299807 | IROAD Dash Cam X5 SSID default credentials",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.299807"
},
{
"name": "VDB-299807 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.299807"
},
{
"name": "Submit #512418 | IROAD Dashcam X series Use of Default Credentials",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.512418"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/geo-chen/IROAD?tab=readme-ov-file#finding-1-default-credentials-for-ssid-cwe-1393"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-15T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-15T19:27:47.000Z",
"value": "VulDB entry last update"
}
],
"title": "IROAD Dash Cam X5 SSID default credentials"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2341",
"datePublished": "2025-03-16T14:31:04.416Z",
"dateReserved": "2025-03-15T18:22:15.131Z",
"dateUpdated": "2025-03-17T14:21:20.714Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2346 (GCVE-0-2025-2346)
Vulnerability from nvd – Published: 2025-03-16 20:00 – Updated: 2025-03-17 13:48
VLAI?
Title
IROAD Dash Cam X5/Dash Cam X6 Domain origin validation
Summary
A vulnerability has been found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308 and classified as problematic. This vulnerability affects unknown code of the component Domain Handler. The manipulation of the argument Domain Name leads to origin validation error. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult.
Severity ?
5.6 (Medium)
5.6 (Medium)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IROAD | Dash Cam X5 |
Affected:
20250308
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2346",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-17T13:47:59.364404Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T13:48:27.831Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Domain Handler"
],
"product": "Dash Cam X5",
"vendor": "IROAD",
"versions": [
{
"status": "affected",
"version": "20250308"
}
]
},
{
"modules": [
"Domain Handler"
],
"product": "Dash Cam X6",
"vendor": "IROAD",
"versions": [
{
"status": "affected",
"version": "20250308"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308 and classified as problematic. This vulnerability affects unknown code of the component Domain Handler. The manipulation of the argument Domain Name leads to origin validation error. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult."
},
{
"lang": "de",
"value": "In IROAD Dash Cam X5 and Dash Cam X6 bis 20250308 wurde eine problematische Schwachstelle gefunden. Betroffen ist eine unbekannte Verarbeitung der Komponente Domain Handler. Durch das Manipulieren des Arguments Domain Name mit unbekannten Daten kann eine origin validation error-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Das Ausnutzen gilt als schwierig."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.1,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-16T20:00:11.895Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-299812 | IROAD Dash Cam X5/Dash Cam X6 Domain origin validation",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.299812"
},
{
"name": "VDB-299812 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.299812"
},
{
"tags": [
"related"
],
"url": "https://github.com/geo-chen/IROAD?tab=readme-ov-file#finding-6-public-domain-used-for-internal-domain-name"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-15T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-15T19:27:55.000Z",
"value": "VulDB entry last update"
}
],
"title": "IROAD Dash Cam X5/Dash Cam X6 Domain origin validation"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2346",
"datePublished": "2025-03-16T20:00:11.895Z",
"dateReserved": "2025-03-15T18:22:30.453Z",
"dateUpdated": "2025-03-17T13:48:27.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2345 (GCVE-0-2025-2345)
Vulnerability from nvd – Published: 2025-03-16 18:31 – Updated: 2025-03-17 14:06
VLAI?
Title
IROAD Dash Cam X5/Dash Cam X6 improper authorization
Summary
A vulnerability, which was classified as very critical, was found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. This affects an unknown part. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
9.8 (Critical)
9.8 (Critical)
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IROAD | Dash Cam X5 |
Affected:
20250308
|
|||||||
|
|||||||||
Credits
geochen (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2345",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-17T14:06:01.990807Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T14:06:09.191Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Dash Cam X5",
"vendor": "IROAD",
"versions": [
{
"status": "affected",
"version": "20250308"
}
]
},
{
"product": "Dash Cam X6",
"vendor": "IROAD",
"versions": [
{
"status": "affected",
"version": "20250308"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "geochen (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as very critical, was found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. This affects an unknown part. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine sehr kritische Schwachstelle in IROAD Dash Cam X5 and Dash Cam X6 bis 20250308 gefunden. Hiervon betroffen ist ein unbekannter Codeblock. Mittels Manipulieren mit unbekannten Daten kann eine improper authorization-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 10,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-16T18:31:04.588Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-299811 | IROAD Dash Cam X5/Dash Cam X6 improper authorization",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.299811"
},
{
"name": "VDB-299811 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.299811"
},
{
"name": "Submit #516883 | IROAD Dashcam X series (X5, X6, etc) Improperly Preserved Integrity of Hardware Configuration State D",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.516883"
},
{
"tags": [
"related"
],
"url": "https://github.com/geo-chen/IROAD/blob/main/README.md#finding-5-managing-settings-to-obtain-sensitive-data-and-sabotaging-car-battery"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-15T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-15T19:27:54.000Z",
"value": "VulDB entry last update"
}
],
"title": "IROAD Dash Cam X5/Dash Cam X6 improper authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2345",
"datePublished": "2025-03-16T18:31:04.588Z",
"dateReserved": "2025-03-15T18:22:27.582Z",
"dateUpdated": "2025-03-17T14:06:09.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2344 (GCVE-0-2025-2344)
Vulnerability from nvd – Published: 2025-03-16 18:00 – Updated: 2025-03-17 14:17
VLAI?
Title
IROAD Dash Cam X5/Dash Cam X6 API Endpoint missing authentication
Summary
A vulnerability, which was classified as critical, has been found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. Affected by this issue is some unknown functionality of the component API Endpoint. The manipulation leads to missing authentication. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
5.3 (Medium)
5.3 (Medium)
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IROAD | Dash Cam X5 |
Affected:
20250308
|
|||||||
|
|||||||||
Credits
geochen (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2344",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-17T14:17:05.273310Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T14:17:13.638Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"API Endpoint"
],
"product": "Dash Cam X5",
"vendor": "IROAD",
"versions": [
{
"status": "affected",
"version": "20250308"
}
]
},
{
"modules": [
"API Endpoint"
],
"product": "Dash Cam X6",
"vendor": "IROAD",
"versions": [
{
"status": "affected",
"version": "20250308"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "geochen (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. Affected by this issue is some unknown functionality of the component API Endpoint. The manipulation leads to missing authentication. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in IROAD Dash Cam X5 and Dash Cam X6 bis 20250308 entdeckt. Davon betroffen ist unbekannter Code der Komponente API Endpoint. Mittels dem Manipulieren mit unbekannten Daten kann eine missing authentication-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "Missing Authentication",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-16T18:00:07.198Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-299810 | IROAD Dash Cam X5/Dash Cam X6 API Endpoint missing authentication",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.299810"
},
{
"name": "VDB-299810 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.299810"
},
{
"name": "Submit #516882 | IROAD Dashcam X series (X5, X6, etc) Missing Authentication",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.516882"
},
{
"tags": [
"related"
],
"url": "https://github.com/geo-chen/IROAD#finding-4-remotely-dump-video-footage-and-live-video-stream"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-15T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-15T19:27:53.000Z",
"value": "VulDB entry last update"
}
],
"title": "IROAD Dash Cam X5/Dash Cam X6 API Endpoint missing authentication"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2344",
"datePublished": "2025-03-16T18:00:07.198Z",
"dateReserved": "2025-03-15T18:22:24.835Z",
"dateUpdated": "2025-03-17T14:17:13.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2343 (GCVE-0-2025-2343)
Vulnerability from nvd – Published: 2025-03-16 17:31 – Updated: 2025-03-17 14:17
VLAI?
Title
IROAD Dash Cam X5/Dash Cam X6 Device Pairing hard-coded credentials
Summary
A vulnerability classified as critical was found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. Affected by this vulnerability is an unknown functionality of the component Device Pairing. The manipulation leads to hard-coded credentials. Access to the local network is required for this attack to succeed. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IROAD | Dash Cam X5 |
Affected:
20250308
|
|||||||
|
|||||||||
Credits
geochen (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2343",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-17T14:17:39.884417Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T14:17:49.548Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Device Pairing"
],
"product": "Dash Cam X5",
"vendor": "IROAD",
"versions": [
{
"status": "affected",
"version": "20250308"
}
]
},
{
"modules": [
"Device Pairing"
],
"product": "Dash Cam X6",
"vendor": "IROAD",
"versions": [
{
"status": "affected",
"version": "20250308"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "geochen (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. Affected by this vulnerability is an unknown functionality of the component Device Pairing. The manipulation leads to hard-coded credentials. Access to the local network is required for this attack to succeed. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In IROAD Dash Cam X5 and Dash Cam X6 bis 20250308 wurde eine kritische Schwachstelle entdeckt. Hierbei betrifft es unbekannten Programmcode der Komponente Device Pairing. Durch Manipulation mit unbekannten Daten kann eine hard-coded credentials-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff im lokalen Netzwerk. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.8,
"vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "Use of Hard-coded Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-16T17:31:04.395Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-299809 | IROAD Dash Cam X5/Dash Cam X6 Device Pairing hard-coded credentials",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.299809"
},
{
"name": "VDB-299809 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.299809"
},
{
"name": "Submit #516881 | IROAD Dashcam X series Authentication Bypass by Primary Weakness",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.516881"
},
{
"tags": [
"related"
],
"url": "https://github.com/geo-chen/IROAD#finding-3-bypassing-of-device-pairing-cwe-798-for-iroad-x-series"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-15T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-15T19:27:50.000Z",
"value": "VulDB entry last update"
}
],
"title": "IROAD Dash Cam X5/Dash Cam X6 Device Pairing hard-coded credentials"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2343",
"datePublished": "2025-03-16T17:31:04.395Z",
"dateReserved": "2025-03-15T18:22:22.068Z",
"dateUpdated": "2025-03-17T14:17:49.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2341 (GCVE-0-2025-2341)
Vulnerability from nvd – Published: 2025-03-16 14:31 – Updated: 2025-03-17 14:21
VLAI?
Title
IROAD Dash Cam X5 SSID default credentials
Summary
A vulnerability was found in IROAD Dash Cam X5 up to 20250203. It has been rated as problematic. This issue affects some unknown processing of the component SSID. The manipulation leads to use of default credentials. The attack needs to be initiated within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
CWE
- CWE-1392 - Use of Default Credentials
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IROAD | Dash Cam X5 |
Affected:
20250203
|
Credits
geochen (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2341",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-17T14:21:14.668036Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T14:21:20.714Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"SSID"
],
"product": "Dash Cam X5",
"vendor": "IROAD",
"versions": [
{
"status": "affected",
"version": "20250203"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "geochen (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in IROAD Dash Cam X5 up to 20250203. It has been rated as problematic. This issue affects some unknown processing of the component SSID. The manipulation leads to use of default credentials. The attack needs to be initiated within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in IROAD Dash Cam X5 bis 20250203 ausgemacht. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Komponente SSID. Mit der Manipulation mit unbekannten Daten kann eine use of default credentials-Schwachstelle ausgenutzt werden. Der Angriff kann im lokalen Netzwerk passieren. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Die Ausnutzbarkeit gilt als schwierig. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.8,
"vectorString": "AV:A/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1392",
"description": "Use of Default Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-16T14:31:04.416Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-299807 | IROAD Dash Cam X5 SSID default credentials",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.299807"
},
{
"name": "VDB-299807 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.299807"
},
{
"name": "Submit #512418 | IROAD Dashcam X series Use of Default Credentials",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.512418"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/geo-chen/IROAD?tab=readme-ov-file#finding-1-default-credentials-for-ssid-cwe-1393"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-15T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-15T19:27:47.000Z",
"value": "VulDB entry last update"
}
],
"title": "IROAD Dash Cam X5 SSID default credentials"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-2341",
"datePublished": "2025-03-16T14:31:04.416Z",
"dateReserved": "2025-03-15T18:22:15.131Z",
"dateUpdated": "2025-03-17T14:21:20.714Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}