VYPR

IROAD

by Iroad

CVEs (7)

  • CVE-2025-2345CriMar 16, 2025
    risk 0.64cvss 9.8epss 0.01

    A vulnerability, which was classified as very critical, was found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. This affects an unknown part. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The vendor was contacted early…

  • CVE-2025-30135CriJul 25, 2025
    risk 0.61cvss 9.4epss 0.01

    An issue was discovered on IROAD Dashcam FX2 devices. Dumping Files Over HTTP and RTSP Without Authentication can occur. It lacks authentication controls on its HTTP and RTSP interfaces, allowing attackers to retrieve sensitive files and video recordings. By connecting to…

  • CVE-2025-30132CriMar 18, 2025
    risk 0.59cvss 9.1epss 0.00

    An issue was discovered on IROAD Dashcam V devices. It uses an unregistered public domain name as an internal domain, creating a security risk. During analysis, it was found that this domain was not owned by IROAD, allowing an attacker to register it and potentially intercept…

  • CVE-2025-30111HigMar 18, 2025
    risk 0.49cvss 7.5epss 0.00

    On IROAD v9 devices, one can Remotely Dump Video Footage and the Live Video Stream. The dashcam exposes endpoints that allow unauthorized users, who gained access through other means, to list and download recorded videos, as well as access live video streams without proper…

  • CVE-2025-30110MedMar 18, 2025
    risk 0.42cvss 6.5epss 0.00

    On IROAD X5 devices, a Bypass of Device Pairing can occur via MAC Address Spoofing. The dashcam's pairing mechanism relies solely on MAC address verification, allowing an attacker to bypass authentication by spoofing an already-paired MAC address that can be captured via an ARP…

  • CVE-2025-30109MedMar 18, 2025
    risk 0.42cvss 6.5epss 0.00

    In the IROAD APK 5.2.5, there are Hardcoded Credentials in the APK for ports 9091 and 9092. The mobile application for the dashcam contains hardcoded credentials that allow an attacker on the local Wi-Fi network to access API endpoints and retrieve sensitive device information,…

  • CVE-2025-2342MedMar 16, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability classified as critical has been found in IROAD X5 Mobile App up to 5.2.5 on Android. Affected is an unknown function of the component API Endpoint. The manipulation leads to hard-coded credentials. It is possible to launch the attack remotely. The exploit has…