| 제목 | BlackVue Dashcam 590X Improper Access Controls |
|---|
| 설명 | Unauthenticated Modifications to Dashcam Configurations
Description: An attacker connected to the dashcam's network can perform more damage by draining and sabotaging the battery of the car.
Using an authenticated upload endpoint that is exposed, an attacker can further add in malicious misconfigurations to sabotage the car's battery and draining it remotely, effectively creating a denial of service on the car.
Vulnerability Type: Incorrect Access Control
Vendor of Product: BlackVue
Affected Product Code Base: BlackVue Dashcam 590X
Affected Component: Unauthenticated Configuration Management
Attack Type: Remote
Impact Code execution: True
Impact Information Disclosure: True
Attack Vectors: A remote attacker can leverage on the lack of authentication on configuration management to disable battery protection on the dashcam to drain the car's battery. |
|---|
| 원천 | ⚠️ https://github.com/geo-chen/BlackVue/blob/main/README.md#finding-2-unauthenticated-modifications-to-dashcam-configurations |
|---|
| 사용자 | geochen (UID 78995) |
|---|
| 제출 | 2025. 06. 24. PM 04:19 (10 개월 ago) |
|---|
| 모더레이션 | 2025. 07. 05. AM 10:10 (11 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 314990 [BlackVue Dashcam 590X 까지 20250624 Configuration /upload.cgi 권한 상승] |
|---|
| 포인트들 | 20 |
|---|