PT-2025-12665 · 70Mai · 70Mai Dash Cam 1S
Published
2025-03-24
·
Updated
2025-03-26
·
CVE-2025-30112
CVSS v3.1
7.1
High
| Vector | AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
70mai Dash Cam 1S devices (affected versions not specified)
Description
The issue allows an attacker to bypass the device authorization mechanism by connecting directly to the dashcam's network and accessing the API on port 80 and RTSP on port 554. This bypasses the requirement for a user to physically press the power button during a connection.
Recommendations
For 70mai Dash Cam 1S devices, as a temporary workaround, consider restricting access to the API on port 80 and RTSP on port 554 to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Authentication Bypass Using an Alternate Path or Channel
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
70Mai Dash Cam 1S