Soumettre #678285: 70mai Dashcam X200 Omni Improper Initializationinformation

Titre70mai Dashcam X200 Omni Improper Initialization
DescriptionInit Script Binary Hijack Persistence Vulnerability in 70mai X200 Omni Dashcam Description: The 70mai X200 Omni dashcam is vulnerable to a persistence attack where an init script calls a missing binary, allowing an attacker to place a malicious binary at that path. This binary executes automatically at boot, enabling persistent code execution. This aligns with MITRE ATT&CK techniques T1037.004 (RC Scripts persistence) and T1554 (Hijack Execution Flow via binary replacement). The flaw allows stealthy, persistent control over the device, compromising its integrity and security. Proper binary validation and script hardening are essential to mitigate this risk. Vulnerability Type: Incorrect Access Control / Persistence via Binary Hijacking Affected Component: Initialization Script Attack Type: Local Impact Code execution: True Impact Information Disclosure: True Attack Vectors: An attacker with access to the device’s network or filesystem can place a malicious binary at a path referenced by the boot initialization script (which normally points to a missing binary). This causes the malicious binary to run automatically on device boot, achieving persistent code execution and potentially exposing sensitive information or system control.
La source⚠️ https://github.com/geo-chen/70mai/blob/main/README.md#finding-11-init-script-binary-hijack-persistence-vulnerability-in-70mai-x200-omni-dashcam
Utilisateur
 geochen (UID 78995)
Soumission19/10/2025 18:30 (il y a 8 mois)
Modérer08/11/2025 08:22 (20 days later)
StatutAccepté
Entrée VulDB331633 [70mai X200 jusqu’à 20251019 Init Script élévation de privilèges]
Points20

PrécédentAperçuSuivant

Do you need the next level of professionalism?

Upgrade your account now!