| Title | BlackVue Dashcam 590X Improper Access Controls |
|---|
| Description | Unauthenticated Modifications to Dashcam Configurations
Description: An attacker connected to the dashcam's network can perform more damage by draining and sabotaging the battery of the car.
Using an authenticated upload endpoint that is exposed, an attacker can further add in malicious misconfigurations to sabotage the car's battery and drain it remotely, effectively creating a denial of service on the car.
Vulnerability Type: Incorrect Access Control
Vendor of Product: BlackVue
Affected Product Code Base: BlackVue Dashcam 590X
Affected Component: Unauthenticated Configuration Management
Attack Type: Remote
Impact Code execution: True
Impact Information Disclosure: True
Attack Vectors: A remote attacker can leverage the lack of authentication on configuration management to disable battery protection on the dashcam to drain the car's battery. |
|---|
| Source | ⚠️ https://github.com/geo-chen/BlackVue/blob/main/README.md#finding-2-unauthenticated-modifications-to-dashcam-configurations |
|---|
| User | geochen (UID 78995) |
|---|
| Submission | 2025-06-24 16:19 (10 months ago) |
|---|
| Moderation | 2025-07-05 10:10 (11 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 314990 [BlackVue Dashcam 590X up to 20250624 Configuration /upload.cgi privilege escalation] |
|---|
| Points | 20 |
|---|