| Titre | SAFECAM dashcam X300 Plaintext Password in Configuration File |
|---|
| Description | Same Default Credentials with Hardcoded FTP Credentials in APK
The SAFECAM X300 dashcam ships with identical default credentials for all devices. This allows attackers to use the same credentials to connect to any SAFECAM X3 dashcams with default settings, within range, enabling unauthorized access to multiple devices. An attacker can then connect to the dashcam's FTP server using hardcoded FTP credentials found in the mobile app (Viidure v2.1.1.250317) and remotely download all recorded video footage, exposing sensitive data. |
|---|
| La source | ⚠️ https://github.com/geo-chen/SAFECAM |
|---|
| Utilisateur | geochen (UID 78995) |
|---|
| Soumission | 11/06/2025 17:28 (il y a 11 mois) |
|---|
| Modérer | 01/07/2025 07:46 (20 days later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 314488 [SAFECAM X300 jusqu’à 20250611 FTP Service divulgation d'information] |
|---|
| Points | 20 |
|---|