CVE-2025-30133

Name of the Vulnerable Software and Affected Versions IROAD Dashcam FX2 (affected versions not specified)

Description An issue exists in IROAD Dashcam FX2 devices that allows bypassing the device pairing and registration process. The device requires registration through the "IROAD X View" application for authentication, but the HTTP server does not enforce this restriction. An attacker connecting to the dashcam's Wi-Fi network using the default password (qwertyuiop) can directly access the HTTP server at the API endpoint http://192.168.10.1 without completing the pairing process. The device does not generate any alerts when an unauthorized connection occurs, resulting in a silent intrusion.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.