| عنوان | BlackVue Dashcam 590X Improper Access Controls |
|---|
| الوصف | Unauthenticated Modifications to Dashcam Configurations
Description: An attacker connected to the dashcam's network can perform more damage by draining and sabotaging the battery of the car.
Using an authenticated upload endpoint that is exposed, an attacker can further add in malicious misconfigurations to sabotage the car's battery and draining it remotely, effectively creating a denial of service on the car.
Vulnerability Type: Incorrect Access Control
Vendor of Product: BlackVue
Affected Product Code Base: BlackVue Dashcam 590X
Affected Component: Unauthenticated Configuration Management
Attack Type: Remote
Impact Code execution: True
Impact Information Disclosure: True
Attack Vectors: A remote attacker can leverage on the lack of authentication on configuration management to disable battery protection on the dashcam to drain the car's battery. |
|---|
| المصدر | ⚠️ https://github.com/geo-chen/BlackVue/blob/main/README.md#finding-2-unauthenticated-modifications-to-dashcam-configurations |
|---|
| المستخدم | geochen (UID 78995) |
|---|
| ارسال | 24/06/2025 04:19 PM (10 أشهر منذ) |
|---|
| الاعتدال | 05/07/2025 10:10 AM (11 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 314990 [BlackVue Dashcam 590X حتى 20250624 Configuration /upload.cgi تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|