CVE-2025-30109

Name of the Vulnerable Software and Affected Versions IROAD APK version 5.2.5

Description The mobile application for the dashcam contains hardcoded credentials that allow an attacker on the local Wi-Fi network to access API endpoints and retrieve sensitive device information, including live and recorded footage. The hardcoded credentials are for ports 9091 and 9092.

Recommendations For IROAD APK version 5.2.5, consider restricting access to ports 9091 and 9092 to minimize the risk of exploitation. As a temporary workaround, avoid using the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.