CVE-2025-2343

Name of the Vulnerable Software and Affected Versions: IROAD Dash Cam X5 versions up to 20250308 IROAD Dash Cam X6 versions up to 20250308

Description: A critical vulnerability was found in the Device Pairing component of the affected devices, leading to hard-coded credentials. Access to the local network is required for a successful attack, and the complexity of the attack is rather high. The exploitation appears to be difficult. The vendor was contacted about this disclosure but did not respond.

Recommendations: For IROAD Dash Cam X5 versions up to 20250308, consider disabling the Device Pairing functionality until a patch is available. For IROAD Dash Cam X6 versions up to 20250308, consider disabling the Device Pairing functionality until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.