An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Once access is gained either by default, common, or cracked passwords, the video recordings (containing sensitive routes, conversations, and footage) are open for downloading by creating a socket to command port 7777, and then downloading video via port 7778 and audio via port 7779.
An attacker who gains access to the device by using default, commonly known, or compromised passwords (CWE-521) can establish a connection through TCP port 7777 (command port). Subsequently, it is possible to download video recordings through port 7778 and audio recordings through port 7779. The lack of proper access controls (CWE-284) and sensitive data exposure (CWE-200) make this mechanism accessible without additional authentication after the initial login.
An attacker can download complete video and audio recordings from the camera, including route data, recorded conversations, and images of the vehicle's surroundings. This can lead to serious privacy violations for the device user.
Patches available from the manufacturer should be applied according to references. Until an update is released, it is recommended to change default passwords to strong and unique ones, isolate the device on the network (e.g., dedicated network segment or firewall blocking access to ports 7777, 7778, and 7779 from unauthorized sources), and monitor network traffic directed to these ports.
Marbella KR8s Dashcam FF devices running firmware version 2.0.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H