Submeter #510950: i-DRIVE Dashcam i11, i12 Plaintext Password in Configuration Fileinformação

Títuloi-DRIVE Dashcam i11, i12 Plaintext Password in Configuration File
DescriçãoHardcoded credentials in APK to ports 9091 and 9092: a) Once i-DRIVE's SSID is connected to, the attacker sends a crafted command with "TibetList" and "000*" (redacted) to list settings of the dashcam at port 9091. b) There's a separate set of credentials for port 9092 (stream) that is exposed in plaintext as well, "admin" + "tib*". c) For settings, it's "adim" + "000*" These credentials are used to retrieve the sensitive video footage and camera settings.
Fonte⚠️ https://github.com/geo-chen/i-Drive
Utilizador
 geochen (UID 78995)
Submissão27/02/2025 16h56 (há 1 Ano)
Moderação03/03/2025 13h25 (4 days later)
EstadoAceite
Entrada VulDB298193 [i-Drive i11/i12 até 20250227 APK Autenticação fraca]
Pontos20

Interested in the pricing of exploits?

See the underground prices here!