| Название | 70mai dashcam Dash Cam 1S Improper Access Controls |
|---|
| Описание | Once connected to the network of 70mai Dashcam 1S, all video recordings can be dumped via http://x.x.x.x/SD/Normal/$FILE_NAME without any http-level authentication:
http://x.x.x.x/SD/Normal/$FILE_NAME
The RTSP feed can also be accessed directly at port 554 - rtsp://x.x.x.x/liveRTSP/av4:
rtsp://x.x.x.x/liveRTSP/av4
A remote attacker nearby can connect to the dashcam to view livestream or dump recorded sensitive media files. |
|---|
| Источник | ⚠️ https://github.com/geo-chen/70mai/blob/main/README.md#finding-2-unauthenticated-file-storage-allowing-remote-dumping-of-video-footage-and-live-video-stream |
|---|
| Пользователь | geochen (UID 78995) |
|---|
| Представление | 11.06.2025 17:17 (10 месяцы назад) |
|---|
| Модерация | 23.06.2025 16:11 (12 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 313641 [70mai 1S до 20250611 Video Services слабая аутентификация] |
|---|
| Баллы | 20 |
|---|