← back
CVE-2025-30125

CVE-2025-30125

CVSS 9.8 CRITICALEPSS 0.4%CWE-798
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.8EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
28 Jul 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. All dashcams were shipped with the same default credentials of 12345678, which creates an insecure-by-default condition. For users who change their passwords, it's limited to 8 characters. These short passwords can be cracked in 8 hours via low-end commercial cloud resources.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://geochen.medium.com/marbella-dashcam-ab40ca41adehttps://github.com/geo-chen/Marbella/https://github.com/geo-chen/Marbella/blob/main/README.md#finding-1---cve-2025-30125-same-default-credentials-and-limited-password-combinationshttps://makagps.com/https://www.protiviti.com/sg-en/blogs/6259-8-character-password-still-dead