CVE-2025-30131

An issue was discovered on IROAD Dashcam FX2 devices. An unauthenticated file upload endpoint can be leveraged to execute arbitrary commands by uploading a CGI-based webshell. Once a file is uploaded, the attacker can execute commands with root privileges, gaining full control over the dashcam. Additionally, by uploading a netcat (nc) binary, the attacker can establish a reverse shell, maintaining persistent remote and privileged access to the device. This allows complete device takeover.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/geo-chen/IROAD?tab=readme-ov-file#finding-11---cve-2025-30131-unrestricted-webshell	Third Party Advisory Exploit
https://www.iroadau.com.au/downloads/	Product

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:iroadau:fx2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:iroadau:fx2:-:*:*:*:*:*:*:*

History

06 Nov 2025, 20:24

Type	Values Removed	Values Added
CPE		cpe:2.3:h:iroadau:fx2:-:::::::* cpe:2.3:o:iroadau:fx2_firmware:-:::::::*
First Time		Iroadau Iroadau fx2 Iroadau fx2 Firmware
References	~~() https://github.com/geo-chen/IROAD?tab=readme-ov-file#finding-11---cve-2025-30131-unrestricted-webshell -~~	() https://github.com/geo-chen/IROAD?tab=readme-ov-file#finding-11---cve-2025-30131-unrestricted-webshell - Third Party Advisory, Exploit
References	~~() https://www.iroadau.com.au/downloads/ -~~	() https://www.iroadau.com.au/downloads/ - Product

Information

Published : 2025-06-26 17:15

Updated : 2025-11-06 20:24

NVD link : CVE-2025-30131

Mitre link : CVE-2025-30131

CVE.ORG link : CVE-2025-30131

JSON object : View

Products Affected

iroadau

fx2
fx2_firmware

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2025-30131", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-06-26T17:15:30.743", "references": [{"url": "https://github.com/geo-chen/IROAD?tab=readme-ov-file#finding-11---cve-2025-30131-unrestricted-webshell", "tags": ["Third Party Advisory", "Exploit"], "source": "[email protected]"}, {"url": "https://www.iroadau.com.au/downloads/", "tags": ["Product"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on IROAD Dashcam FX2 devices. An unauthenticated file upload endpoint can be leveraged to execute arbitrary commands by uploading a CGI-based webshell. Once a file is uploaded, the attacker can execute commands with root privileges, gaining full control over the dashcam. Additionally, by uploading a netcat (nc) binary, the attacker can establish a reverse shell, maintaining persistent remote and privileged access to the device. This allows complete device takeover."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en los dispositivos IROAD Dashcam FX2. Un endpoint de carga de archivos no autenticado puede utilizarse para ejecutar comandos arbitrarios cargando un webshell basado en CGI. Una vez cargado el archivo, el atacante puede ejecutar comandos con privilegios de root, obteniendo as\u00ed control total sobre la dashcam. Adem\u00e1s, al cargar un binario netcat (nc), el atacante puede establecer un shell inverso, manteniendo acceso remoto persistente y privilegiado al dispositivo. Esto permite el control total del dispositivo."}], "lastModified": "2025-11-06T20:24:24.220", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:iroadau:fx2_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1C21728-4D54-42DB-98C8-B0B7C7A38B2C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:iroadau:fx2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8E62E438-2D69-401D-B5A8-B54565CE049E"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}