| 标题 | 70mai dashcam Dash Cam 1S Improper Access Controls |
|---|
| 描述 | Once connected to the network of 70mai Dashcam 1S, all video recordings can be dumped via http://x.x.x.x/SD/Normal/$FILE_NAME without any http-level authentication:
http://x.x.x.x/SD/Normal/$FILE_NAME
The RTSP feed can also be accessed directly at port 554 - rtsp://x.x.x.x/liveRTSP/av4:
rtsp://x.x.x.x/liveRTSP/av4
A remote attacker nearby can connect to the dashcam to view livestream or dump recorded sensitive media files. |
|---|
| 来源 | ⚠️ https://github.com/geo-chen/70mai/blob/main/README.md#finding-2-unauthenticated-file-storage-allowing-remote-dumping-of-video-footage-and-live-video-stream |
|---|
| 用户 | geochen (UID 78995) |
|---|
| 提交 | 2025-06-11 17時17分 (11 月前) |
|---|
| 管理 | 2025-06-23 16時11分 (12 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 313641 [70mai 1S 直到 20250611 Video Services 弱身份验证] |
|---|
| 积分 | 20 |
|---|