HIGH🇬🇧 English

CVE-2025-30116

CVSS 7.5v3.1pub. 2025-03-18upd. 2025-05-22

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Remotely Dumping of Video Footage and the Live Video Stream can occur. It allows remote attackers to access and download recorded video footage from the SD card via port 9091. Additionally, attackers can connect to port 9092 to stream the live video feed by bypassing the challenge-response authentication mechanism. This exposes sensitive location and personal data.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Hella Dr 820

    HW
    Hella
    wszystkie wersje
  • Hella Dr 820 Firmware

    OS
    Hella
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2025-30113CRITICAL9.8PL ✓ten sam produkt

Hardcoded Credentials w Hella Driving Recorder DR 820 (porty 9091/9092)

CVE-2025-30114CRITICAL9.1PL ✓ten sam produkt

Hella DR 820: Pominięcie uwierzytelniania przez spoofing adresu MAC

CVE-2025-30115CRITICAL9.8PL ✓ten sam produkt

Hella DR 820: stałe, niezmieniane domyślne dane logowania do sieci Wi-Fi

CVE-2025-30117HIGH7.3ten sam produkt

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Managing Settings and Obtaining Sen...

CVE-2025-30116 — HIGH 7.5 | CVEbaza.pl