exploitDog

CVE-2025-30113

Опубликовано: 18 мар. 2025

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Hardcoded Credentials exist in the APK for Ports 9091 and 9092. The dashcam's Android application contains hardcoded credentials that allow unauthorized access to device settings through ports 9091 and 9092. These credentials, stored in cleartext, can be exploited by an attacker who gains access to the dashcam's network.

Ссылки

https://github.com/geo-chen/Hella
Third Party Advisory
https://medium.com/@geochen/cve-draft-hella-driving-recorder-dr-820-ff8c4e2cca26
Permissions Required

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:hella:dr_820_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:hella:dr_820:-:*:*:*:*:*:*:*

EPSS

Процентиль: 39%

0.00177

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-798

Связанные уязвимости

GHSA-5rfm-vp96-44gv

CVSS3: 9.8

github

11 месяцев назад

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Hardcoded Credentials exist in the APK for Ports 9091 and 9092. The dashcam's Android application contains hardcoded credentials that allow unauthorized access to device settings through ports 9091 and 9092. These credentials, stored in cleartext, can be exploited by an attacker who gains access to the dashcam's network.

EPSS

Процентиль: 39%

0.00177

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-798