PT-2025-28041 · Blackvue · Blackvue Dashcam 590X

Geochen

Published

2025-07-05

Updated

2025-07-06

CVE-2025-7076

CVSS v3.1

8.8

High

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: BlackVue Dashcam 590X up to 20250624

Description: A critical issue affects some unknown functionality of the file /upload.cgi of the component Configuration Handler, leading to improper access controls. The attack must be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted about this disclosure but did not respond.

Recommendations: For BlackVue Dashcam 590X up to 20250624, as a temporary workaround, consider restricting access to the /upload.cgi file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Incorrect Privilege Assignment

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-266CWE-284

Related Identifiers

BDU:2026-07981

CVE-2025-7076

Affected Products

Blackvue Dashcam 590X

PT-2025-28041 · Blackvue · Blackvue Dashcam 590X

CVE-2025-7076

Weakness Enumeration

Related Identifiers

Affected Products

References · 11