| Title | BlackVue Dashcam 590X Improper Access Controls |
|---|
| Description | Unauthenticated Modifications to Dashcam Configurations
Description: An attacker connected to the dashcam's network can perform more damage by draining and sabotaging the battery of the car.
Using an authenticated upload endpoint that is exposed, an attacker can further add in malicious misconfigurations to sabotage the car's battery and draining it remotely, effectively creating a denial of service on the car.
Vulnerability Type: Incorrect Access Control
Vendor of Product: BlackVue
Affected Product Code Base: BlackVue Dashcam 590X
Affected Component: Unauthenticated Configuration Management
Attack Type: Remote
Impact Code execution: True
Impact Information Disclosure: True
Attack Vectors: A remote attacker can leverage on the lack of authentication on configuration management to disable battery protection on the dashcam to drain the car's battery. |
|---|
| Source | ⚠️ https://github.com/geo-chen/BlackVue/blob/main/README.md#finding-2-unauthenticated-modifications-to-dashcam-configurations |
|---|
| User | geochen (UID 78995) |
|---|
| Submission | 06/24/2025 04:19 PM (23 days ago) |
|---|
| Moderation | 07/05/2025 10:10 AM (11 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 314990 [BlackVue Dashcam 590X up to 20250624 Configuration /upload.cgi access control] |
|---|
| Points | 20 |
|---|