PT-2023-28754 · 70Mai · 70Mai A500S
Published
2023-10-09
·
Updated
2023-10-16
·
CVE-2023-43271
CVSS v3.1
9.1
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
70mai a500s version 1.2.119
Description
The issue is related to incorrect access control, allowing attackers to directly access and delete video files of the driving recorder through ftp and other protocols.
Recommendations
For version 1.2.119, consider restricting access to the ftp protocol and other affected protocols until a patch is available. As a temporary workaround, restrict access to the video files to minimize the risk of exploitation.
Exploit
Fix
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
70Mai A500S