CVE-2025-30106

Name of the Vulnerable Software and Affected Versions IROAD version v9

Description The issue concerns hardcoded default credentials, specifically qwertyuiop, which are used by the dashcam and cannot be altered by the user. This setup allows an attacker, who is within Wi-Fi range, to connect to the device's network. Once connected, the attacker can perform sniffing, which is a technique used to intercept and analyze network traffic.

Recommendations For IROAD version v9, consider changing the default credentials to a strong, unique password as soon as possible, if a method to do so becomes available. However, since the credentials cannot be changed by the user according to the provided information, as a temporary workaround, restrict access to the device's Wi-Fi network to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.