VYPR

v9

by Iroad

CVEs (3)

  • CVE-2025-30106HigMar 18, 2025
    risk 0.57cvss 8.8epss 0.00

    On IROAD v9 devices, the dashcam has hardcoded default credentials ("qwertyuiop") that cannot be changed by the user. This allows an attacker within Wi-Fi range to connect to the device's network to perform sniffing.

  • CVE-2025-30111HigMar 18, 2025
    risk 0.49cvss 7.5epss 0.00

    On IROAD v9 devices, one can Remotely Dump Video Footage and the Live Video Stream. The dashcam exposes endpoints that allow unauthorized users, who gained access through other means, to list and download recorded videos, as well as access live video streams without proper…

  • CVE-2025-30107HigMar 18, 2025
    risk 0.49cvss 7.5epss 0.00

    On IROAD V9 devices, Managing Settings and Obtaining Sensitive Data and Sabotaging the Car Battery can be performed by unauthorized parties. A vulnerability in the dashcam's configuration management allows unauthorized users to modify settings, disable critical functions, and…