CVE-2025-7070
BaseFortify
Publication date: 2025-07-04
Last updated on: 2025-10-01
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| iroad | q9_firmware | to 2025-06-24 (inc) |
| iroad | q9 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
| CWE-NVD-CWE-noinfo | |
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects the IROAD Dashcam Q9 device, specifically an unknown functionality within the MFA Pairing Request Handler component. It allows an attacker on the local network to manipulate the system in a way that leads to allocation of resources, which could potentially be exploited.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing an attacker within the local network to manipulate the device's resource allocation. This could lead to degraded device performance or denial of service conditions, although no direct impact on confidentiality or integrity is indicated.
What immediate steps should I take to mitigate this vulnerability?
Since the attack requires being within the local network, immediate mitigation steps include isolating the affected device (IROAD Dashcam Q9) from the local network until a patch or fix is available. Monitor and restrict local network access to the device and avoid using the vulnerable MFA Pairing Request Handler functionality. Contact the vendor for updates, although no response has been received so far.