| Title | i-DRIVE Dashcam i11, i12 Improper Access Controls |
|---|
| Description | Remotely Dump Video Footage and Live Video Stream - An attacker with network access can remotely enumerate all video recordings stored on the dashcam’s SD card via port 9091. These recordings can then be converted from JDR to MP4 format. Additionally, by opening a secondary socket to port 9092 and successfully validating the challenge-response key, an attacker can stream live footage. Extracted recordings may contain sensitive information, including location data. |
|---|
| Source | ⚠️ https://github.com/geo-chen/i-Drive |
|---|
| User | geochen (UID 78995) |
|---|
| Submission | 2025年02月27日 16:58 (4 月 ago) |
|---|
| Moderation | 2025年03月03日 13:25 (4 days later) |
|---|
| Status | 承諾済み |
|---|
| VulDB Entry | 298195 [i-Drive i11/i12 まで20250227 Video Footage/Live Video Stream 特権昇格] |
|---|
| Points | 20 |
|---|