CVE-2025-30131
BaseFortify
Publication date: 2025-06-26
Last updated on: 2025-11-06
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| iroadau | fx2_firmware | * |
| iroadau | fx2 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the IROAD FX2 dashcam and involves an unauthenticated file upload endpoint that allows attackers to upload arbitrary files, including a CGI-based webshell. By doing so, attackers can execute arbitrary commands with root privileges on the device. They can also upload a netcat binary to establish a reverse shell, enabling persistent remote root-level access and complete device takeover. [1]
How can this vulnerability impact me?
Exploiting this vulnerability can lead to complete takeover of the dashcam device by an attacker. They can execute commands with root privileges, gain persistent remote access, and control the device fully. This compromises the security and privacy of the device and any data it handles. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of the unauthenticated file upload endpoint at http://192.168.10.1/action/upload_file on the IROAD FX2 dashcam. You can attempt to access this URL to see if it allows file uploads without authentication. Additionally, monitoring network traffic for HTTP POST requests to this endpoint or scanning the device for unexpected CGI-based webshell files or netcat binaries can help detect exploitation attempts. [1]
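The traffic-monitoring check described above, as an added example that is not part of the original page or any vendor tooling: it inspects a captured HTTP request and flags POSTs to the upload endpoint, noting uploaded filenames that look like CGI scripts or netcat binaries. The sample requests, the multipart field name, and the list of netcat-style names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

UPLOAD_PATH = "/action/upload_file"            # endpoint named on this page
FILENAME_RE = re.compile(rb'filename="([^"]*)"', re.I)
NETCAT_NAMES = {"nc", "netcat", "ncat"}        # assumption: common binary names

def inspect_request(raw: bytes):
    """Return a finding dict for a POST to the upload endpoint, else None."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    try:
        method, target, _version = lines[0].decode("latin-1").split(" ", 2)
    except ValueError:
        return None                            # not a parsable request line
    path = urlsplit(target).path.rstrip("/")   # handles query strings, absolute URLs
    if method.upper() != "POST" or path != UPLOAD_PATH:
        return None
    sent = {l.split(b":", 1)[0].strip().lower() for l in lines[1:] if b":" in l}
    names = [m.decode("latin-1") for m in FILENAME_RE.findall(body)]
    reasons = []
    for n in names:
        base = n.replace("\\", "/").rsplit("/", 1)[-1].lower()
        if base.endswith(".cgi"):
            reasons.append(f"CGI upload: {n}")
        if base in NETCAT_NAMES:
            reasons.append(f"netcat-like binary: {n}")
    return {
        "credentials_sent": bool(sent & {b"authorization", b"cookie"}),
        "filenames": names,
        "reasons": reasons,
        "severity": "high" if reasons else "review",
    }

# Constructed sample requests (not captured from a real device).
def _upload(filename: bytes) -> bytes:
    return (b"POST /action/upload_file HTTP/1.1\r\nHost: 192.168.10.1\r\n"
            b"Content-Type: multipart/form-data; boundary=X\r\n\r\n"
            b'--X\r\nContent-Disposition: form-data; name="file"; filename="'
            + filename + b'"\r\n\r\n(constructed placeholder)\r\n--X--\r\n')

SAMPLE_CGI = _upload(b"status.cgi")
SAMPLE_VIDEO = _upload(b"clip.mp4")
SAMPLE_GET = b"GET /index.html HTTP/1.1\r\nHost: 192.168.10.1\r\n\r\n"

if __name__ == "__main__":
    for sample in (SAMPLE_CGI, SAMPLE_VIDEO, SAMPLE_GET):
        print(inspect_request(sample))
```

Any hit with `credentials_sent` false is worth reviewing on its own, since the endpoint accepts uploads without authentication.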
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling or restricting access to the file upload endpoint at http://192.168.10.1/action/upload_file to prevent unauthenticated uploads. Applying any available firmware updates or patches from the vendor that address this vulnerability is critical. Additionally, monitoring the device for suspicious files such as CGI-based webshells or netcat binaries and removing them can help prevent exploitation. Network segmentation and restricting access to the dashcam's management interface can also reduce risk. [1]