CVE-2025-30124

{"id": "CVE-2025-30124", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-07-28T14:15:26.620", "references": [{"url": "https://geochen.medium.com/marbella-dashcam-ab40ca41adec", "source": "[email protected]"}, {"url": "https://github.com/geo-chen/Marbella/", "source": "[email protected]"}, {"url": "https://github.com/geo-chen/Marbella/blob/main/README.md#finding-4---cve-2025-30124-passwords-are-stored-in-plaintext-and-can-be-retrieved-with-physical-contact", "source": "[email protected]"}, {"url": "https://makagps.com/", "source": "[email protected]"}, {"url": "https://github.com/geo-chen/Marbella/blob/main/README.md#finding-4---cve-2025-30124-passwords-are-stored-in-plaintext-and-can-be-retrieved-with-physical-contact", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-312"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. When a new SD card is inserted into the dashcam, the existing password is written onto the SD card in cleartext automatically. An attacker with temporary access to the dashcam can switch the SD card to steal this password."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Marbella KR8s Dashcam FF 2.0.8 devices. Al insertar una tarjeta SD nueva en la dashcam, la contrase\u00f1a existente se escribe autom\u00e1ticamente en texto plano. Un atacante con acceso temporal a la dashcam puede cambiar la tarjeta SD para robar esta contrase\u00f1a."}], "lastModified": "2025-07-30T16:15:26.430", "sourceIdentifier": "[email protected]"}