| عنوان | 70mai dashcam M300 Improper Access Controls |
|---|
| الوصف | Remotely Upload Malicious Files and Execute Code
The 70mai Dashcam M300 has port 23 open with weak authentication such that an attacker connecting to the dashcam's network via default credentials, without needing device-pairing, can upload arbitrary/malicious files or even replace firmware via editing the auto-run script(s).
A remote attacker nearby connected to the dashcam's network can write arbitrary code into the dashcam memory or SD, run malicious commands (RCE), or even replace the firmware with a malicious one. |
|---|
| المصدر | ⚠️ https://github.com/geo-chen/70mai/blob/main/README.md#finding-7-remotely-upload-malicious-files-and-execute-code |
|---|
| المستخدم | geochen (UID 78995) |
|---|
| ارسال | 11/06/2025 05:22 PM (10 أشهر منذ) |
|---|
| الاعتدال | 23/06/2025 04:12 PM (12 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 313646 [70mai M300 حتى 20250611 Telnet Service تنفيذ التعليمات البرمجية عن بُعد] |
|---|
| النقاط | 20 |
|---|