VYPR

Vendor CVEs

Geo Chen

All CVEs

38 total · sorted by risk
  • CVE-2025-30127CriAug 6, 2025
    risk 0.64cvss 9.8epss 0.00

    An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Once access is gained either by default, common, or cracked passwords, the video recordings (containing sensitive routes, conversations, and footage) are open for downloading by creating a socket to command port…

  • CVE-2025-30125CriJul 28, 2025
    risk 0.64cvss 9.8epss 0.00

    An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. All dashcams were shipped with the same default credentials of 12345678, which creates an insecure-by-default condition. For users who change their passwords, it's limited to 8 characters. These short passwords…

  • CVE-2025-30124CriJul 28, 2025
    risk 0.64cvss 9.8epss 0.00

    An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. When a new SD card is inserted into the dashcam, the existing password is written onto the SD card in cleartext automatically. An attacker with temporary access to the dashcam can switch the SD card to steal this…

  • CVE-2025-30137CriMar 18, 2025
    risk 0.64cvss 9.8epss 0.00

    An issue was discovered in the G-Net GNET APK 2.6.2. Hardcoded credentials exist in in APK for ports 9091 and 9092. The GNET mobile application contains hardcoded credentials that provide unauthorized access to the dashcam's API endpoints on ports 9091 and 9092. Once the GNET…

  • CVE-2025-30123CriMar 18, 2025
    risk 0.64cvss 9.8epss 0.00

    An issue was discovered on ROADCAM X3 devices. The mobile app APK (Viidure) contains hardcoded FTP credentials for the FTPX user account, enabling attackers to gain unauthorized access and extract sensitive recorded footage from the device.

  • CVE-2025-30122CriMar 18, 2025
    risk 0.64cvss 9.8epss 0.00

    An issue was discovered on ROADCAM X3 devices. It has a uniform default credential set that cannot be modified by users, making it easy for attackers to gain unauthorized access to multiple devices.

  • CVE-2025-2345CriMar 16, 2025
    risk 0.64cvss 9.8epss 0.01

    A vulnerability, which was classified as very critical, was found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. This affects an unknown part. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The vendor was contacted early…

  • CVE-2025-30132CriMar 18, 2025
    risk 0.59cvss 9.1epss 0.00

    An issue was discovered on IROAD Dashcam V devices. It uses an unregistered public domain name as an internal domain, creating a security risk. During analysis, it was found that this domain was not owned by IROAD, allowing an attacker to register it and potentially intercept…

  • CVE-2025-6529HigJun 23, 2025
    risk 0.57cvss 8.8epss 0.01

    A vulnerability was found in 70mai M300 up to 20250611 and classified as critical. Affected by this issue is some unknown functionality of the component Telnet Service. The manipulation leads to use of default credentials. The attack needs to be initiated within the local…

  • CVE-2024-57174HigMar 5, 2025
    risk 0.53cvss 8.1epss 0.00

    A misconfiguration in Alphion ASEE-1443 Firmware v0.4.H.00.02.15 defines a previously unregistered domain name as the default DNS suffix. This allows attackers to register the unclaimed domain and point its wildcard DNS entry to an attacker-controlled IP address, making it…

  • CVE-2025-30118HigMar 25, 2025
    risk 0.49cvss 7.5epss 0.00

    An issue was discovered on the Audi Universal Traffic Recorder 2.88. It has Susceptibility to denial of service. It uses the same default credentials for all devices and does not implement proper multi-device authentication, allowing attackers to deny the owner access by…

  • CVE-2025-30111HigMar 18, 2025
    risk 0.49cvss 7.5epss 0.00

    On IROAD v9 devices, one can Remotely Dump Video Footage and the Live Video Stream. The dashcam exposes endpoints that allow unauthorized users, who gained access through other means, to list and download recorded videos, as well as access live video streams without proper…

  • CVE-2025-2343HigMar 16, 2025
    risk 0.49cvss 7.5epss 0.00

    A vulnerability classified as critical was found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. Affected by this vulnerability is an unknown functionality of the component Device Pairing. The manipulation leads to hard-coded credentials. Access to the local network is…

  • CVE-2026-1422HigJan 26, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in code-projects Online Examination System 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login Page. Performing a manipulation of the argument User results in sql injection. The attack is…

  • CVE-2025-11943HigOct 19, 2025
    risk 0.47cvss 7.3epss 0.01

    A vulnerability has been found in 70mai X200 up to 20251010. Affected by this vulnerability is an unknown functionality of the component HTTP Web Server. The manipulation leads to use of default credentials. The attack can be initiated remotely. The exploit has been disclosed to…

  • CVE-2025-11942HigOct 19, 2025
    risk 0.47cvss 7.3epss 0.01

    A flaw has been found in 70mai X200 up to 20251010. Affected is an unknown function of the component Pairing. Executing manipulation can lead to missing authentication. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was…

  • CVE-2025-30112HigMar 24, 2025
    risk 0.46cvss 7.1epss 0.00

    On 70mai Dash Cam 1S devices, by connecting directly to the dashcam's network and accessing the API on port 80 and RTSP on port 554, an attacker can bypass the device authorization mechanism from the official mobile app that requires a user to physically press on the power…

  • CVE-2025-12915MedNov 8, 2025
    risk 0.42cvss 6.4epss 0.00

    A vulnerability was found in 70mai X200 up to 20251019. This issue affects some unknown processing of the component Init Script Handler. The manipulation results in file inclusion. The attack requires a local approach. A high complexity level is associated with this attack. The…

  • CVE-2026-1423MedJan 26, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was determined in code-projects Online Examination System 1.0. Affected by this issue is some unknown functionality of the file /admin_pic.php. Executing a manipulation can lead to unrestricted upload. The attack may be performed from remote. The exploit has been…

  • CVE-2025-2557MedMar 20, 2025
    risk 0.36cvss 5.5epss 0.00

    A vulnerability, which was classified as critical, has been found in Audi UTR Dashcam 2.0. Affected by this issue is some unknown functionality of the component Command API. The manipulation leads to improper access controls. The attack needs to be done within the local network.…

  • CVE-2025-2346MedMar 16, 2025
    risk 0.36cvss 5.6epss 0.00

    A vulnerability has been found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308 and classified as problematic. This vulnerability affects unknown code of the component Domain Handler. The manipulation of the argument Domain Name leads to origin validation error. The attack…

  • CVE-2025-30126MedJul 28, 2025
    risk 0.34cvss 5.3epss 0.00

    An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Via port 7777 without any need to pair or press a physical button, a remote attacker can disable recording, delete recordings, or even disable battery protection to cause a flat battery to essentially disable the…

  • CVE-2025-2344MedMar 16, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability, which was classified as critical, has been found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. Affected by this issue is some unknown functionality of the component API Endpoint. The manipulation leads to missing authentication. The attack may be launched…

  • CVE-2025-2342MedMar 16, 2025
    risk 0.34cvss 5.3epss 0.00

    A vulnerability classified as critical has been found in IROAD X5 Mobile App up to 5.2.5 on Android. Affected is an unknown function of the component API Endpoint. The manipulation leads to hard-coded credentials. It is possible to launch the attack remotely. The exploit has…

  • CVE-2025-6530MedJun 23, 2025
    risk 0.31cvss 4.8epss 0.01

    A vulnerability was found in 70mai M300 up to 20250611. It has been classified as problematic. This affects an unknown part of the file demo.sh of the component Telnet Service. The manipulation leads to denial of service. Access to the local network is required for this attack.…

  • CVE-2025-6951MedJul 1, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability classified as problematic was found in SAFECAM X300 up to 20250611. This vulnerability affects unknown code of the component FTP Service. The manipulation leads to use of default credentials. Access to the local network is required for this attack to succeed. The…

  • CVE-2025-6531MedJun 24, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability was found in SIFUSM/MZZYG BD S1 up to 20250611. It has been declared as problematic. This vulnerability affects unknown code of the component RTSP Live Video Stream Endpoint. The manipulation leads to improper access controls. Access to the local network is…

  • CVE-2025-6528MedJun 23, 2025
    risk 0.28cvss 4.3epss 0.01

    A vulnerability has been found in 70mai M300 up to 20250611 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /livestream/12 of the component RTSP Live Video Stream Endpoint. The manipulation leads to improper authentication.…

  • CVE-2025-6525MedJun 23, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability classified as problematic was found in 70mai 1S up to 20250611. This vulnerability affects unknown code of the file /cgi-bin/Config.cgi?action=set of the component Configuration Handler. The manipulation leads to improper authorization. The attack needs to be…

  • CVE-2025-2556MedMar 20, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability classified as problematic was found in Audi UTR Dashcam 2.0. Affected by this vulnerability is an unknown functionality of the component Video Stream Handler. The manipulation leads to hard-coded credentials. The attack can only be initiated within the local…

  • CVE-2025-54568LowJul 25, 2025
    risk 0.24cvss 3.7epss 0.00

    Akamai Rate Control alpha before 2025 allows attackers to send requests above the stipulated thresholds because the rate is measured separately for each edge node.

  • CVE-2026-1421LowJan 26, 2026
    risk 0.23cvss 3.5epss 0.00

    A vulnerability has been found in code-projects Online Examination System 1.0. Affected is an unknown function of the component Add Pages. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may…

  • CVE-2025-6527LowJun 23, 2025
    risk 0.20cvss 3.1epss 0.00

    A vulnerability, which was classified as problematic, was found in 70mai M300 up to 20250611. Affected is an unknown function of the component Web Server. The manipulation leads to improper access controls. The attack can only be initiated within the local network. The…

  • CVE-2025-6526LowJun 23, 2025
    risk 0.20cvss 3.1epss 0.01

    A vulnerability, which was classified as problematic, has been found in 70mai M300 up to 20250611. This issue affects some unknown processing of the component HTTP Server. The manipulation leads to insufficiently protected credentials. The attack can only be done within the…

  • CVE-2025-6524LowJun 23, 2025
    risk 0.20cvss 3.1epss 0.00

    A vulnerability classified as problematic has been found in 70mai 1S up to 20250611. This affects an unknown part of the component Video Services. The manipulation leads to improper authentication. Access to the local network is required for this attack to succeed. The…

  • CVE-2025-2341LowMar 16, 2025
    risk 0.20cvss 3.1epss 0.00

    A vulnerability was found in IROAD Dash Cam X5 up to 20250203. It has been rated as problematic. This issue affects some unknown processing of the component SSID. The manipulation leads to use of default credentials. The attack needs to be initiated within the local network. The…

  • CVE-2025-2555LowMar 20, 2025
    risk 0.19cvss 2.9epss 0.00

    A vulnerability classified as problematic has been found in Audi Universal Traffic Recorder App 2.0. Affected is an unknown function of the component FTP Credentials. The manipulation leads to use of hard-coded password. Attacking locally is a requirement. The complexity of an…

  • CVE-2025-2119LowMar 9, 2025
    risk 0.13cvss 2.0epss 0.00

    A vulnerability was found in Thinkware Car Dashcam F800 Pro up to 20250226. It has been declared as problematic. This vulnerability affects unknown code of the component Device Registration Handler. The manipulation leads to use of default credentials. It is possible to launch…