BlackVue App
by BlackVue
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-2356 | Low | 0.24 | 3.7 | 0.00 | Mar 17, 2025 | A vulnerability was found in BlackVue App 3.65 on Android. It has been classified as problematic. This affects the function deviceDelete of the component API Handler. The manipulation leads to use of get request method with sensitive query strings. It is possible to initiate the… | ||
| CVE-2025-2355 | Low | 0.21 | 3.3 | 0.00 | Mar 17, 2025 | A vulnerability was found in BlackVue App 3.65 on Android and classified as problematic. Affected by this issue is some unknown functionality of the component API Endpoint Handler. The manipulation of the argument BCS_TOKEN/SECRET_KEY leads to unprotected storage of credentials.… | ||
| CVE-2023-27746 | 0.01 | — | 0.02 | Apr 13, 2023 | BlackVue DR750-2CH LTE v.1.012_2022.10.26 was discovered to contain a weak default passphrase which can be easily cracked via a brute force attack if the WPA2 handshake is intercepted. | |||
| CVE-2023-27748 | 0.00 | — | 0.01 | Apr 13, 2023 | BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authenticity check for uploaded firmware. This can allow attackers to upload crafted firmware which contains backdoors and enables arbitrary code execution. | |||
| CVE-2023-27747 | 0.00 | — | 0.01 | Apr 13, 2023 | BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authentication in its web server. This vulnerability allows attackers to access sensitive information such as configurations and recordings. |
- risk 0.24cvss 3.7epss 0.00
A vulnerability was found in BlackVue App 3.65 on Android. It has been classified as problematic. This affects the function deviceDelete of the component API Handler. The manipulation leads to use of get request method with sensitive query strings. It is possible to initiate the…
- risk 0.21cvss 3.3epss 0.00
A vulnerability was found in BlackVue App 3.65 on Android and classified as problematic. Affected by this issue is some unknown functionality of the component API Endpoint Handler. The manipulation of the argument BCS_TOKEN/SECRET_KEY leads to unprotected storage of credentials.…
- CVE-2023-27746Apr 13, 2023risk 0.01cvss —epss 0.02
BlackVue DR750-2CH LTE v.1.012_2022.10.26 was discovered to contain a weak default passphrase which can be easily cracked via a brute force attack if the WPA2 handshake is intercepted.
- CVE-2023-27748Apr 13, 2023risk 0.00cvss —epss 0.01
BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authenticity check for uploaded firmware. This can allow attackers to upload crafted firmware which contains backdoors and enables arbitrary code execution.
- CVE-2023-27747Apr 13, 2023risk 0.00cvss —epss 0.01
BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authentication in its web server. This vulnerability allows attackers to access sensitive information such as configurations and recordings.