| عنوان | 70mai dash cam omni x200 Improper Access Controls |
|---|
| الوصف | Bypass Device Pairing of 70mai Dashcam Omni X200
From the official 70mai mobile app, a user needs to perform authorization by clicking on the physical power button in order to connect to the dashcam’s network. However, by connecting to the dashcam’s network and directly accessing the API on port 80 and RTSP on port 554, an attacker can bypass the device authorization mechanism that requires a user to physically press on the power button during connection. Moreover, the http and rtsp services are not protected by any form of authentication. |
|---|
| المصدر | ⚠️ https://github.com/geo-chen/70mai/blob/main/README.md#finding-9-bypass-device-pairing-of-70mai-dashcam-omni-x200 |
|---|
| المستخدم | geochen (UID 78995) |
|---|
| ارسال | 10/10/2025 06:46 AM (8 أشهر منذ) |
|---|
| الاعتدال | 19/10/2025 04:39 AM (9 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 329021 [70mai X200 حتى 20251010 Pairing توثيق ضعيف] |
|---|
| النقاط | 20 |
|---|