CVE-2025-30131

Name of the Vulnerable Software and Affected Versions: IROAD Dashcam FX2 devices (affected versions not specified)

Description: An issue was discovered that allows an unauthenticated file upload, which can be used to execute arbitrary commands by uploading a CGI-based webshell. This enables an attacker to gain full control over the device with root privileges. Furthermore, uploading a netcat (nc) binary can establish a reverse shell, providing persistent remote and privileged access to the device, resulting in complete device takeover.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.