| Название | BlackVue Dashcam 590X Improper Access Controls |
|---|
| Описание | Unauthenticated Modifications to Dashcam Configurations
Description: An attacker connected to the dashcam's network can perform more damage by draining and sabotaging the battery of the car.
Using an authenticated upload endpoint that is exposed, an attacker can further add in malicious misconfigurations to sabotage the car's battery and draining it remotely, effectively creating a denial of service on the car.
Vulnerability Type: Incorrect Access Control
Vendor of Product: BlackVue
Affected Product Code Base: BlackVue Dashcam 590X
Affected Component: Unauthenticated Configuration Management
Attack Type: Remote
Impact Code execution: True
Impact Information Disclosure: True
Attack Vectors: A remote attacker can leverage on the lack of authentication on configuration management to disable battery protection on the dashcam to drain the car's battery. |
|---|
| Источник | ⚠️ https://github.com/geo-chen/BlackVue/blob/main/README.md#finding-2-unauthenticated-modifications-to-dashcam-configurations |
|---|
| Пользователь | geochen (UID 78995) |
|---|
| Представление | 24.06.2025 16:19 (10 месяцы назад) |
|---|
| Модерация | 05.07.2025 10:10 (11 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 314990 [BlackVue Dashcam 590X до 20250624 Configuration /upload.cgi эскалация привилегий] |
|---|
| Баллы | 20 |
|---|