← voltar
CVE-2025-30132

CVE-2025-30132

CVSS 9.1 CRITICALEPSS 0.3%CWE-284
Vexday Risk Score
28Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 9.1EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
18 mar 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
An issue was discovered on IROAD Dashcam V devices. It uses an unregistered public domain name as an internal domain, creating a security risk. During analysis, it was found that this domain was not owned by IROAD, allowing an attacker to register it and potentially intercept sensitive device traffic. If the dashcam or related services attempt to resolve this domain over the public Internet instead of locally, it could lead to data exfiltration or man-in-the-middle attacks.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Produtos afetados
n/a · n/a