| عنوان | 70mai dashcam Dash Cam 1S Improper Access Controls |
|---|
| الوصف | Once connected to the network of 70mai Dashcam 1S, all video recordings can be dumped via http://x.x.x.x/SD/Normal/$FILE_NAME without any http-level authentication:
http://x.x.x.x/SD/Normal/$FILE_NAME
The RTSP feed can also be accessed directly at port 554 - rtsp://x.x.x.x/liveRTSP/av4:
rtsp://x.x.x.x/liveRTSP/av4
A remote attacker nearby can connect to the dashcam to view livestream or dump recorded sensitive media files. |
|---|
| المصدر | ⚠️ https://github.com/geo-chen/70mai/blob/main/README.md#finding-2-unauthenticated-file-storage-allowing-remote-dumping-of-video-footage-and-live-video-stream |
|---|
| المستخدم | geochen (UID 78995) |
|---|
| ارسال | 11/06/2025 05:17 PM (10 أشهر منذ) |
|---|
| الاعتدال | 23/06/2025 04:11 PM (12 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 313641 [70mai 1S حتى 20250611 Video Services توثيق ضعيف] |
|---|
| النقاط | 20 |
|---|