CVE-2025-2348

Name of the Vulnerable Software and Affected Versions: IROAD Dash Cam FX2 up to 20250308

Description: A vulnerability was found in the HTTP/RTSP component of the IROAD Dash Cam FX2, affecting an unknown function of the file /mnt/extsd/event/. This issue leads to information disclosure and can be exploited by an attacker within the local network.

Recommendations: For IROAD Dash Cam FX2 up to 20250308, consider restricting access to the /mnt/extsd/event/ file and the HTTP/RTSP component to minimize the risk of exploitation. As a temporary workaround, limit the device's exposure to the local network until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.