| 标题 | SAFECAM dashcam X300 Plaintext Password in Configuration File |
|---|
| 描述 | Same Default Credentials with Hardcoded FTP Credentials in APK
The SAFECAM X300 dashcam ships with identical default credentials for all devices. This allows attackers to use the same credentials to connect to any SAFECAM X3 dashcams with default settings, within range, enabling unauthorized access to multiple devices. An attacker can then connect to the dashcam's FTP server using hardcoded FTP credentials found in the mobile app (Viidure v2.1.1.250317) and remotely download all recorded video footage, exposing sensitive data. |
|---|
| 来源 | ⚠️ https://github.com/geo-chen/SAFECAM |
|---|
| 用户 | geochen (UID 78995) |
|---|
| 提交 | 2025-06-11 17時28分 (10 月前) |
|---|
| 管理 | 2025-07-01 07時46分 (20 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 314488 [SAFECAM X300 直到 20250611 FTP Service 信息公开] |
|---|
| 积分 | 20 |
|---|