BlackVue
Products
3- 6 CVEs
- 2 CVEs
- 2 CVEs
Recent CVEs
7| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-27748 | Cri | 0.64 | 9.8 | 0.01 | Apr 13, 2023 | BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authenticity check for uploaded firmware. This can allow attackers to upload crafted firmware which contains backdoors and enables arbitrary code execution. | ||
| CVE-2023-27746 | Cri | 0.64 | 9.8 | 0.02 | Apr 13, 2023 | BlackVue DR750-2CH LTE v.1.012_2022.10.26 was discovered to contain a weak default passphrase which can be easily cracked via a brute force attack if the WPA2 handshake is intercepted. | ||
| CVE-2023-27747 | Hig | 0.49 | 7.5 | 0.01 | Apr 13, 2023 | BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authentication in its web server. This vulnerability allows attackers to access sensitive information such as configurations and recordings. | ||
| CVE-2025-7075 | Med | 0.41 | 6.3 | 0.01 | Jul 6, 2025 | A vulnerability was found in BlackVue Dashcam 590X up to 20250624. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /upload.cgi of the component HTTP Endpoint. The manipulation leads to unrestricted upload. The attack needs… | ||
| CVE-2025-7076 | Med | 0.35 | 5.4 | 0.01 | Jul 6, 2025 | A vulnerability was found in BlackVue Dashcam 590X up to 20250624. It has been rated as critical. Affected by this issue is some unknown functionality of the file /upload.cgi of the component Configuration Handler. The manipulation leads to improper access controls. The attack… | ||
| CVE-2025-2356 | Low | 0.24 | 3.7 | 0.00 | Mar 17, 2025 | A vulnerability was found in BlackVue App 3.65 on Android. It has been classified as problematic. This affects the function deviceDelete of the component API Handler. The manipulation leads to use of get request method with sensitive query strings. It is possible to initiate the… | ||
| CVE-2025-2355 | Low | 0.21 | 3.3 | 0.00 | Mar 17, 2025 | A vulnerability was found in BlackVue App 3.65 on Android and classified as problematic. Affected by this issue is some unknown functionality of the component API Endpoint Handler. The manipulation of the argument BCS_TOKEN/SECRET_KEY leads to unprotected storage of credentials.… |
- risk 0.64cvss 9.8epss 0.01
BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authenticity check for uploaded firmware. This can allow attackers to upload crafted firmware which contains backdoors and enables arbitrary code execution.
- risk 0.64cvss 9.8epss 0.02
BlackVue DR750-2CH LTE v.1.012_2022.10.26 was discovered to contain a weak default passphrase which can be easily cracked via a brute force attack if the WPA2 handshake is intercepted.
- risk 0.49cvss 7.5epss 0.01
BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authentication in its web server. This vulnerability allows attackers to access sensitive information such as configurations and recordings.
- risk 0.41cvss 6.3epss 0.01
A vulnerability was found in BlackVue Dashcam 590X up to 20250624. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /upload.cgi of the component HTTP Endpoint. The manipulation leads to unrestricted upload. The attack needs…
- risk 0.35cvss 5.4epss 0.01
A vulnerability was found in BlackVue Dashcam 590X up to 20250624. It has been rated as critical. Affected by this issue is some unknown functionality of the file /upload.cgi of the component Configuration Handler. The manipulation leads to improper access controls. The attack…
- risk 0.24cvss 3.7epss 0.00
A vulnerability was found in BlackVue App 3.65 on Android. It has been classified as problematic. This affects the function deviceDelete of the component API Handler. The manipulation leads to use of get request method with sensitive query strings. It is possible to initiate the…
- risk 0.21cvss 3.3epss 0.00
A vulnerability was found in BlackVue App 3.65 on Android and classified as problematic. Affected by this issue is some unknown functionality of the component API Endpoint Handler. The manipulation of the argument BCS_TOKEN/SECRET_KEY leads to unprotected storage of credentials.…