Enviar #595444: 70mai dashcam Dash Cam 1S Improper Access Controlsinformación

Título70mai dashcam Dash Cam 1S Improper Access Controls
DescripciónOnce connected to the network of 70mai Dashcam 1S, all video recordings can be dumped via http://x.x.x.x/SD/Normal/$FILE_NAME without any http-level authentication: http://x.x.x.x/SD/Normal/$FILE_NAME The RTSP feed can also be accessed directly at port 554 - rtsp://x.x.x.x/liveRTSP/av4: rtsp://x.x.x.x/liveRTSP/av4 A remote attacker nearby can connect to the dashcam to view livestream or dump recorded sensitive media files.
Fuente⚠️ https://github.com/geo-chen/70mai/blob/main/README.md#finding-2-unauthenticated-file-storage-allowing-remote-dumping-of-video-footage-and-live-video-stream
Usuario
 geochen (UID 78995)
Sumisión2025-06-11 17:17 (hace 10 meses)
Moderación2025-06-23 16:11 (12 days later)
EstadoAceptado
Entrada de VulDB313641 [70mai 1S hasta 20250611 Video Services autenticación débil]
Puntos20

AnteriorVisión De ConjuntoPróximo

Do you want to use VulDB in your project?

Use the official API to access entries easily!