| Title | i-DRIVE Dashcam i11, i12 Improper Access Controls |
|---|
| Description | Remotely Dump Video Footage and Live Video Stream - An attacker with network access can remotely enumerate all video recordings stored on the dashcam’s SD card via port 9091. These recordings can then be converted from JDR to MP4 format. Additionally, by opening a secondary socket to port 9092 and successfully validating the challenge-response key, an attacker can stream live footage. Extracted recordings may contain sensitive information, including location data. |
|---|
| Source | ⚠️ https://github.com/geo-chen/i-Drive |
|---|
| User | geochen (UID 78995) |
|---|
| Submission | 02/27/2025 04:58 PM (4 months ago) |
|---|
| Moderation | 03/03/2025 01:25 PM (4 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 298195 [i-Drive i11/i12 up to 20250227 Video Footage/Live Video Stream access control] |
|---|
| Points | 20 |
|---|