Submeter #678285: 70mai Dashcam X200 Omni Improper Initializationinformação

Título	70mai Dashcam X200 Omni Improper Initialization
Descrição	Init Script Binary Hijack Persistence Vulnerability in 70mai X200 Omni Dashcam Description: The 70mai X200 Omni dashcam is vulnerable to a persistence attack where an init script calls a missing binary, allowing an attacker to place a malicious binary at that path. This binary executes automatically at boot, enabling persistent code execution. This aligns with MITRE ATT&CK techniques T1037.004 (RC Scripts persistence) and T1554 (Hijack Execution Flow via binary replacement). The flaw allows stealthy, persistent control over the device, compromising its integrity and security. Proper binary validation and script hardening are essential to mitigate this risk. Vulnerability Type: Incorrect Access Control / Persistence via Binary Hijacking Affected Component: Initialization Script Attack Type: Local Impact Code execution: True Impact Information Disclosure: True Attack Vectors: An attacker with access to the device’s network or filesystem can place a malicious binary at a path referenced by the boot initialization script (which normally points to a missing binary). This causes the malicious binary to run automatically on device boot, achieving persistent code execution and potentially exposing sensitive information or system control.
Fonte	⚠️ https://github.com/geo-chen/70mai/blob/main/README.md#finding-11-init-script-binary-hijack-persistence-vulnerability-in-70mai-x200-omni-dashcam
Utilizador	geochen (UID 78995)
Submissão	19/10/2025 18h30 (há 8 meses)
Moderação	08/11/2025 08h22 (20 days later)
Estado	Aceite
Entrada VulDB	331633 [70mai X200 até 20251019 Init Script Elevação de Privilégios]
Pontos	20

◂ Voltar Visão Geral Próximo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!