| tiêu đề | IROAD Dashcam X series (X5, X6, etc) Missing Authentication |
|---|
| Mô tả | Remotely Dump Video Footage and Live Video Stream
The IROAD X series (X5, X6, etc) dashcam exposes API endpoints on ports 9091 and 9092 that allow remote access to recorded and live video feeds. An attacker who connects to the dashcam’s network can retrieve all stored recordings and convert them from JDR format to MP4. Additionally, port 9092's RTSP stream can be accessed remotely, allowing real-time video feeds to be extracted without the owner's knowledge. This vulnerability results in severe privacy risks, including exposure of location data embedded in recordings. |
|---|
| Nguồn | ⚠️ https://github.com/geo-chen/IROAD#finding-4-remotely-dump-video-footage-and-live-video-stream |
|---|
| Người dùng | geochen (UID 78995) |
|---|
| Đệ trình | 08/03/2025 17:25 (cách đây 1 Năm) |
|---|
| Kiểm duyệt | 15/03/2025 19:22 (7 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 299810 [IROAD Dash Cam X5/Dash Cam X6 đến 20250308 API Endpoint xác thực yếu] |
|---|
| điểm | 20 |
|---|