Invia #510955: i-DRIVE Dashcam i11, i12 Improper Access Control for Register Interfaceinformazioni

Titoloi-DRIVE Dashcam i11, i12 Improper Access Control for Register Interface
DescrizioneManaging Settings to Obtain Sensitive Data and Sabotaging Car Battery - An attacker can remotely access and read the dashcam’s settings and configuration, exposing sensitive car and driver information. Additionally, they can manipulate device settings, such as lowering the volume to mask remote activity. Spoofing the MAC address of the paired device, an attacker can disable battery protection, potentially draining the vehicle's battery when parked. Further actions include deleting recorded footage, discreetly disabling recording, or performing a factory reset, effectively erasing critical evidence.
Fonte⚠️ https://github.com/geo-chen/i-Drive
Utente
 geochen (UID 78995)
Sottomissione27/02/2025 17:01 (1 Anno fa)
Moderazione03/03/2025 13:25 (4 days later)
StatoAccettato
Voce VulDB298196 [i-Drive i11/i12 fino a 20250227 Device Setting Esecuzione di codice remoto]
Punti20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!