| Title | 70mai dashcam Dash Cam 1S Improper Access Controls |
|---|
| Description | Once connected to the network of the 70mai Dashcam 1S, all video recordings can be dumped via http://x.x.x.x/SD/Normal/$FILE_NAME without any HTTP-level authentication. The RTSP feed can also be accessed directly at port 554: rtsp://x.x.x.x/liveRTSP/av4. A remote attacker nearby can connect to the dashcam to view the livestream or dump recorded sensitive media files. |
|---|
| Source | https://github.com/geo-chen/70mai/blob/main/README.md#finding-2-unauthenticated-file-storage-allowing-remote-dumping-of-video-footage-and-live-video-stream |
|---|
| User | geochen (UID 78995) |
|---|
| Submitted | 2025-06-11 05:17 PM (10 months ago) |
|---|
| Moderation | 2025-06-23 04:11 PM (12 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 313641 [70mai 1S up to 20250611 Video Services weak authentication] |
|---|
| Points | 20 |
|---|