CVE-2025-6951
Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-07-01

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability classified as problematic was found in SAFECAM X300 up to 20250611. This vulnerability affects unknown code of the component FTP Service. The manipulation leads to use of default credentials. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Meta Information
Published: 2025-07-01
Last Modified: 2026-04-29
Generated: 2026-05-07
AI Q&A: 2025-07-01
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Currently, no data is known.
CWE
CWE-1392: The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-6951 is a vulnerability in the SAFECAM X300 dashcam related to the use of default credentials in its FTP Service. All devices ship with identical default login credentials, and the mobile app contains hardcoded FTP credentials. An attacker with access to the local network can use these credentials to connect to the dashcam's FTP server and download all recorded video footage, exposing sensitive user data. The vulnerability does not require authentication and is relatively easy to exploit. [1, 2, 3]


How can this vulnerability impact me?

This vulnerability can lead to unauthorized access to the SAFECAM X300 dashcam's FTP server, allowing attackers to remotely download all recorded video footage. This results in significant information disclosure, exposing sensitive user data and compromising privacy. Since the exploit requires only local network access and no authentication, it poses a medium severity risk to confidentiality. [1, 2, 3]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by scanning for SAFECAM X300 devices on the local network and attempting to connect to their FTP service using the known default credentials. Since the FTP service uses identical default credentials across all devices, you can try to connect via FTP to the device IP addresses using these credentials. Commands such as 'nmap' can be used to detect open FTP ports (usually port 21), for example: 'nmap -p 21 <target-ip>'. Then, use an FTP client or command line to attempt login with default credentials. Additionally, checking network traffic for FTP connections to SAFECAM devices or extracting hardcoded FTP credentials from the Viidure mobile app APK can help identify vulnerable devices. [1, 2]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include changing the default FTP credentials on all SAFECAM X300 devices to unique, strong passwords to prevent unauthorized access. If the device firmware does not allow changing these credentials, consider isolating the devices on a separate network segment to limit access. Since no official vendor patch or mitigation is available, replacing the affected devices with alternatives that do not have this vulnerability is recommended. Additionally, monitor network traffic for unauthorized FTP access attempts and restrict FTP access to trusted users only. [3, 1]
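The monitoring step above can be sketched as a log review that flags FTP logins and footage downloads from hosts that are not approved to reach the dashcam. This is an added example, not code from the advisory or the vendor; the device address, the approved-client list, the file names and the tab-separated log format are all constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed inventory (assumption): addresses of SAFECAM X300 units and the
# hosts allowed to reach their FTP service.
DASHCAM_IPS = {"192.0.2.50"}
APPROVED_CLIENTS = {"192.0.2.10"}

# Constructed sample of FTP command records, tab-separated:
# timestamp, client, server, command, argument, reply_code
SAMPLE_LOG = (
    "2025-07-02T08:00:01Z\t192.0.2.10\t192.0.2.50\tPASS\t<hidden>\t230\n"
    "2025-07-02T08:00:05Z\t192.0.2.10\t192.0.2.50\tRETR\tclip_0001.mp4\t226\n"
    "2025-07-02T09:14:10Z\t192.0.2.77\t192.0.2.50\tPASS\t<hidden>\t530\n"
    "2025-07-02T09:14:12Z\t192.0.2.77\t192.0.2.50\tPASS\t<hidden>\t230\n"
    "2025-07-02T09:14:20Z\t192.0.2.77\t192.0.2.50\tRETR\tclip_0001.mp4\t226\n"
    "2025-07-02T09:14:31Z\t192.0.2.77\t192.0.2.50\tRETR\tclip_0002.mp4\t226\n"
    "2025-07-02T09:20:00Z\t192.0.2.88\t192.0.2.60\tPASS\t<hidden>\t230\n"
    "truncated line without fields\n"
)


def review_ftp_log(text, dashcams=DASHCAM_IPS, approved=APPROVED_CLIENTS):
    """Summarise FTP activity against dashcams from unapproved clients.

    Returns {client: {"logins": n, "failed": n, "downloads": [files]}}.
    """
    findings = defaultdict(lambda: {"logins": 0, "failed": 0, "downloads": []})
    reader = csv.reader(io.StringIO(text), delimiter="\t", quoting=csv.QUOTE_NONE)
    for row in reader:
        if len(row) != 6:
            continue  # skip blank or malformed records
        _ts, client, server, command, arg, reply = row
        if server not in dashcams or client in approved:
            continue  # not a dashcam, or an expected client
        entry = findings[client]
        command = command.upper()
        if command == "PASS":
            # 230 is the FTP "user logged in" reply; anything else is a failure
            entry["logins" if reply == "230" else "failed"] += 1
        elif command == "RETR" and reply.startswith("2"):
            entry["downloads"].append(arg)  # completed file retrieval
    return dict(findings)


if __name__ == "__main__":
    for client, info in review_ftp_log(SAMPLE_LOG).items():
        print(client, info)
```
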

