An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Default Credentials Cannot Be Changed. It uses a fixed default SSID and password ("qwertyuiop"), which cannot be modified by users. The SSID is continuously broadcast, allowing unauthorized access to the device network.
The DR 820 dash cam broadcasts a fixed SSID at all times while operating, and the Wi-Fi network password is hardcoded in the firmware and cannot be changed by the user. Since both the SSID and password are identical for all instances of this device and publicly known, anyone within network range can connect to the device without any authorization. The vulnerability is classified as CWE-259 (use of hardcoded password).
An attacker within Wi-Fi range can gain unauthorized access to the device's network, potentially enabling data interception, interference with dash cam operation, or further attacks on related devices on the network.
Apply patches available from the manufacturer according to the references. Until a fix is released, it is recommended to restrict physical accessibility of the device and monitor for unauthorized Wi-Fi connections in its vicinity.
Forvia Hella Driving Recorder DR 820 (Hella DR 820 Firmware / Hella DR 820) — specific firmware versions were not indicated in the description; the vulnerability affects the device in its default configuration
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HHella Dr 820
HWHellawszystkie wersjeHella Dr 820 Firmware
OSHellawszystkie wersje
Related vulnerabilities
Hardcoded Credentials w Hella Driving Recorder DR 820 (porty 9091/9092)
Hella DR 820: Pominięcie uwierzytelniania przez spoofing adresu MAC
An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Remotely Dumping of Video Footage a...
An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Managing Settings and Obtaining Sen...