| タイトル | 70mai dashcam M300 Improper Access Controls |
|---|
| 説明 | Exposed Root Password via Unauthenticated HTTP Server
The 70mai Dashcam M300 has port 80 open without authentication such that an attacker connecting to the dashcam's network via default credentials, without needing device-pairing, can access all files on it.
From the web server, we obtain the root password hash and derive that it's using an empty password.
A remote attacker nearby connected to the dashcam's network can access all files on the web server without going through authentication or device pairing and can obtain the root password. |
|---|
| ソース | ⚠️ https://github.com/geo-chen/70mai/blob/main/README.md#finding-4-exposed-root-password-via-unauthenticated-http-server |
|---|
| ユーザー | geochen (UID 78995) |
|---|
| 送信 | 2025年06月11日 17:19 (10 月 ago) |
|---|
| モデレーション | 2025年06月23日 16:11 (12 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 313643 [70mai M300 迄 20250611 HTTP Server 情報漏えい] |
|---|
| ポイント | 20 |
|---|