CVE-2025-30124

CVSS 9.8 CRITICALEPSS 0.3%CWE-312

Vexday Risk Score

28Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 9.8EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

28 jul 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. When a new SD card is inserted into the dashcam, the existing password is written onto the SD card in cleartext automatically. An attacker with temporary access to the dashcam can switch the SD card to steal this password.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Produtos afetados

n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://geochen.medium.com/marbella-dashcam-ab40ca41adec https://github.com/geo-chen/Marbella/https://github.com/geo-chen/Marbella/blob/main/README.md#finding-4---cve-2025-30124-passwords-are-stored-in-plaintext-and-can-be-retrieved-with-physical-contact https://makagps.com/