| عنوان | Thinkware Car Dashcam F800 Pro Authentication Bypass by Primary Weakness |
|---|
| الوصف | While the official documentation states that we need to pair the dashcam to the phone while using the Thinkware Cloud app, that 2nd factor device registration could be bypassed if the services are accessed directly without going through the app.
Using default credentials 123456789, I could connect to a thinkware dashcam's wifi. Once I connected to the dashcam, I was able to access the rtsp (port 554) feed and also download all sensitive video recordings using telnet (port 23) without needing to press the wifi button. While performing these actions and downloading the video recordings, there were no sounds activated on the dashcam as well so the victim would not know.
|
|---|
| المصدر | ⚠️ https://github.com/geo-chen/Thinkware-Dashcam |
|---|
| المستخدم | geochen (UID 78995) |
|---|
| ارسال | 26/02/2025 05:27 AM (1 سنة منذ) |
|---|
| الاعتدال | 08/03/2025 03:23 PM (10 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 299032 [Thinkware Car Dashcam F800 Pro حتى 20250226 Device Registration الكشف عن المعلومات] |
|---|
| النقاط | 20 |
|---|