CVE-2025-7075

Name of the Vulnerable Software and Affected Versions: BlackVue Dashcam 590X up to 20250624

Description: A critical vulnerability affects an unknown functionality of the file /upload.cgi of the component HTTP Endpoint, leading to unrestricted upload. The attack must be done within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond.

Recommendations: For BlackVue Dashcam 590X up to 20250624, as a temporary workaround, consider restricting access to the /upload.cgi HTTP Endpoint until a patch is available. Avoid using the vulnerable HTTP Endpoint within the local network to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.