CVE-2025-30124
BaseFortify
Publication date: 2025-07-28
Last updated on: 2025-07-30
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| marbella | krx_dashcam | * |
| marbella | kr8s_dashcam | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-312 | The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Marbella KR8s Dashcam FF 2.0.8 devices. When a new SD card is inserted into the dashcam, the device automatically writes the existing password onto the SD card in cleartext. An attacker with temporary physical access to the dashcam can swap the SD card to steal this password, exposing the device's security credentials. [2]
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized access to the dashcam by allowing an attacker to obtain the password from the SD card. This can result in privacy breaches, as attackers may access sensitive video recordings. Additionally, attackers can remotely change device settings without authentication, disable recording, delete footage, or disable battery protection, potentially rendering the vehicle unusable. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of plaintext passwords on the SD card of the Marbella KR8s Dashcam after inserting a new SD card. Additionally, monitoring network ports 7777, 7778, and 7779 for unauthorized access or unusual socket connections can help detect exploitation attempts. Commands to check open ports on the dashcam's IP address could include: `nmap -p 7777,7778,7779 <dashcam_ip>` to scan for open ports, and `tcpdump` or `wireshark` to monitor traffic on these ports. To detect if the password is written in plaintext on the SD card, mount the SD card on a computer and use commands like `grep` or `strings` to search for password strings in the files. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include: 1) Avoid inserting new SD cards into the dashcam to prevent automatic writing of the plaintext password onto the card. 2) Physically secure the dashcam to prevent unauthorized temporary access that would allow an attacker to swap the SD card. 3) Monitor and restrict network access to ports 7777, 7778, and 7779 to prevent remote unauthorized access. 4) Change default passwords if possible and use strong, unique passwords to reduce the risk of brute-force attacks. 5) Regularly check the SD card for any stored plaintext passwords and remove or encrypt them if possible. Since the vendor has not acknowledged the vulnerability, consider contacting Marbella for firmware updates or patches. [2]