CVE-2025-30106

{"id": "CVE-2025-30106", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2025-03-18T14:15:46.480", "references": [{"url": "https://github.com/geo-chen/IROAD-V", "source": "[email protected]"}, {"url": "https://iroad-dashcam.nl/iroad/iroad-x5/", "source": "[email protected]"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-259"}]}], "descriptions": [{"lang": "en", "value": "On IROAD v9 devices, the dashcam has hardcoded default credentials (\"qwertyuiop\") that cannot be changed by the user. This allows an attacker within Wi-Fi range to connect to the device's network to perform sniffing."}, {"lang": "es", "value": "En los dispositivos IROAD v9, dashcam tiene credenciales predeterminadas (\"qwertyuiop\") codificadas que el usuario no puede modificar. Esto permite que un atacante dentro del alcance Wi-Fi se conecte a la red del dispositivo para realizar rastreo."}], "lastModified": "2025-03-21T17:15:40.227", "sourceIdentifier": "[email protected]"}