Submeter #595447: 70mai dashcam M300 Improper Access Controlsinformação

Título70mai dashcam M300 Improper Access Controls
DescriçãoExposed Root Password via Unauthenticated HTTP Server The 70mai Dashcam M300 has port 80 open without authentication such that an attacker connecting to the dashcam's network via default credentials, without needing device-pairing, can access all files on it. From the web server, we obtain the root password hash and derive that it's using an empty password. A remote attacker nearby connected to the dashcam's network can access all files on the web server without going through authentication or device pairing and can obtain the root password.
Fonte⚠️ https://github.com/geo-chen/70mai/blob/main/README.md#finding-4-exposed-root-password-via-unauthenticated-http-server
Utilizador
 geochen (UID 78995)
Submissão11/06/2025 17h19 (há 10 meses)
Moderação23/06/2025 16h11 (12 days later)
EstadoAceite
Entrada VulDB313643 [70mai M300 até 20250611 HTTP Server Divulgação de Informação]
Pontos20

VoltarVisão GeralPróximo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!