← voltar
CVE-2025-30125

CVE-2025-30125

CVSS 9.8 CRITICALEPSS 0.4%CWE-798
Vexday Risk Score
28Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 9.8EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
28 jul 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. All dashcams were shipped with the same default credentials of 12345678, which creates an insecure-by-default condition. For users who change their passwords, it's limited to 8 characters. These short passwords can be cracked in 8 hours via low-end commercial cloud resources.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://geochen.medium.com/marbella-dashcam-ab40ca41adehttps://github.com/geo-chen/Marbella/https://github.com/geo-chen/Marbella/blob/main/README.md#finding-1---cve-2025-30125-same-default-credentials-and-limited-password-combinationshttps://makagps.com/https://www.protiviti.com/sg-en/blogs/6259-8-character-password-still-dead