| 제목 | 70mai dash cam omni x200 Improper Access Controls |
|---|
| 설명 | Bypass Device Pairing of 70mai Dashcam Omni X200
From the official 70mai mobile app, a user needs to perform authorization by clicking on the physical power button in order to connect to the dashcam’s network. However, by connecting to the dashcam’s network and directly accessing the API on port 80 and RTSP on port 554, an attacker can bypass the device authorization mechanism that requires a user to physically press on the power button during connection. Moreover, the http and rtsp services are not protected by any form of authentication. |
|---|
| 원천 | ⚠️ https://github.com/geo-chen/70mai/blob/main/README.md#finding-9-bypass-device-pairing-of-70mai-dashcam-omni-x200 |
|---|
| 사용자 | geochen (UID 78995) |
|---|
| 제출 | 2025. 10. 10. AM 06:46 (8 개월 ago) |
|---|
| 모더레이션 | 2025. 10. 19. AM 04:39 (9 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 329021 [70mai X200 까지 20251010 Pairing 약한 인증] |
|---|
| 포인트들 | 20 |
|---|