PT-2025-30921 · Iroad · Iroad Dash Cam Fx2

Geo-Chen · Published 2025-07-25 · Updated 2025-11-06 · CVE-2025-30135

CVSS v3.1: 9.4 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions: IROAD Dashcam FX2 (affected versions not specified)

Description: The IROAD Dashcam FX2 devices are affected by an issue where files can be dumped over HTTP and RTSP without authentication. The devices lack authentication controls on their HTTP and RTSP interfaces, allowing attackers to retrieve sensitive files and video recordings. An attacker can download all stored video recordings in an unencrypted manner by connecting to the "http://192.168.10.1/mnt/extsd/event/" endpoint. Additionally, the RTSP stream on port 8554 is accessible without authentication, enabling an attacker to view live footage. The vulnerable parameters are not explicitly mentioned.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Missing Authentication

Weakness Enumeration

Related Identifiers: CVE-2025-30135

Affected Products: Iroad Dash Cam Fx2