| tiêu đề | 70mai dashcam M300 Improper Access Controls |
|---|
| Mô tả | Remotely Dump All Sensitive Video & Audio Recordings
The 70mai Dashcam M300 has port 23 open with weak authentication such that an attacker connecting to the dashcam's network via default credentials, without needing device-pairing, can obtain a full list of video recordings and dump them out.
Although directory listing is disabled on the web server for the video recordings stored on SD card to prevent unauthorised personnel from downloading the videos.
A remote attacker nearby connected to the dashcam's network can access the dashcam's telnet session as root user and fetch a full list of sensitive video recordings. |
|---|
| Nguồn | ⚠️ https://github.com/geo-chen/70mai/blob/main/README.md#finding-5-remotely-dump-all-sensitive-video--audio-recordings |
|---|
| Người dùng | geochen (UID 78995) |
|---|
| Đệ trình | 11/06/2025 17:20 (cách đây 10 các tháng) |
|---|
| Kiểm duyệt | 23/06/2025 16:11 (12 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 313644 [70mai M300 đến 20250611 Web Server nâng cao đặc quyền] |
|---|
| điểm | 20 |
|---|