PT-2025-32198 · Marbella · Marbella Kr8S Dashcam Ff

Geo-Chen

Published

2025-08-06

Updated

2025-08-07

CVE-2025-30127

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Marbella KR8s Dashcam FF version 2.0.8

Description An issue exists on Marbella KR8s Dashcam FF 2.0.8 devices where video recordings, containing sensitive data such as routes, conversations, and footage, are accessible for download. This is achieved by establishing a socket connection to command port 7777, followed by downloading video data via port 7778 and audio data via port 7779, after gaining access through default, common, or cracked passwords.

Recommendations Change default or common passwords to strong, unique credentials. Restrict network access to ports 7777, 7778, and 7779.

Exploit

Fix

Improper Access Control

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-200CWE-521

Related Identifiers

CVE-2025-30127

Affected Products

Marbella Kr8S Dashcam Ff

PT-2025-32198 · Marbella · Marbella Kr8S Dashcam Ff

CVE-2025-30127

Weakness Enumeration

Related Identifiers

Affected Products

References · 9