CVE-2025-30125
Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-07-28

Last updated on: 2025-07-30

Assigner: MITRE

Description
An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. All dashcams were shipped with the same default credentials of 12345678, which creates an insecure-by-default condition. For users who change their passwords, it's limited to 8 characters. These short passwords can be cracked in 8 hours via low-end commercial cloud resources.
Meta Information
Published: 2025-07-28
Last Modified: 2025-07-30
Generated: 2026-05-07
AI Q&A: 2025-07-28
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Currently, no data is known.
CWE
CWE-798: The product contains hard-coded credentials, such as a password or cryptographic key.
AI Powered Q&A
How can this vulnerability impact me?

The vulnerability can lead to unauthorized access to the dashcam devices because the default password is widely known and the password length limit of 8 characters makes brute-force attacks feasible and inexpensive. Attackers can gain control over the device, potentially accessing recorded footage or manipulating device functions, leading to privacy breaches or misuse of the device. [1]


Can you explain this vulnerability to me?

This vulnerability affects Marbella KR8s Dashcam FF 2.0.8 devices, which are shipped with the same default password '12345678'. This creates an insecure-by-default condition. Even when users change their passwords, they are limited to 8 characters, which can be brute-force cracked in about 8 hours using low-end commercial cloud resources. The short password length and default credentials make the devices highly vulnerable to unauthorized access. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking for devices using the default password '12345678' or any 8-character password on Marbella KR8s Dashcam FF 2.0.8 devices. You can attempt to log in to the dashcam interfaces using these credentials. Additionally, monitoring authentication logs for repeated failed login attempts or successful logins with default credentials can help detect exploitation. Specific commands depend on your network setup, but for example, using network scanning tools to identify dashcam devices and then attempting SSH or HTTP login with default credentials could be effective. [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include changing the default password from '12345678'. A longer passphrase would be preferable, as eight-character passwords are vulnerable to rapid brute-force attacks using cloud resources, but the device limits passwords to 8 characters. Consider additional network-level protections such as isolating the dashcams from untrusted networks, implementing firewall rules to restrict access, and monitoring for suspicious login attempts. Ultimately, increasing password length beyond 8 characters is recommended, but if device limitations prevent this, compensating controls are necessary. [1]

