| Title | 70mai Dashcam 1S Authentication Bypass by Primary Weakness |
|---|
| Description | Bypass Device Pairing of 70mai Dashcam 1S
From the official 70mai mobile app, a user needs to perform authorization by clicking on the physical power button in order to connect to the dashcam’s network. However, by connecting to the dashcam’s network and directly accessing the API on port 80 and RTSP on port 554, an attacker can bypass the device authorization mechanism that requires a user to physically press on the power button during connection. |
|---|
| Source | ⚠️ https://github.com/geo-chen/70mai?tab=readme-ov-file#finding-1-bypass-device-pairing-of-70mai-dashcam-1s |
|---|
| User | geochen (UID 78995) |
|---|
| Submission | 03/16/2025 01:48 (1 Year ago) |
|---|
| Moderation | 03/21/2025 07:26 (5 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 300566 [70mai Dashcam 1S Pairing improper authentication] |
|---|
| Points | 20 |
|---|