CVE-2025-30111

{"id": "CVE-2025-30111", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-03-18T15:16:02.323", "references": [{"url": "https://github.com/geo-chen/IROAD-V", "source": "cve@mitre.org"}, {"url": "https://iroad-dashcam.nl/iroad/iroad-x5/", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "On IROAD v9 devices, one can Remotely Dump Video Footage and the Live Video Stream. The dashcam exposes endpoints that allow unauthorized users, who gained access through other means, to list and download recorded videos, as well as access live video streams without proper authentication."}, {"lang": "es", "value": "En los dispositivos IROAD v9, se puede volcar remotamente el metraje de video y la transmisi\u00f3n de video en vivo. La c\u00e1mara del tablero expone endpoints que permiten a usuarios no autorizados, que accedieron por otros medios, acceder a la lista y descargar videos grabados, as\u00ed como a transmisiones de video en vivo sin la debida autenticaci\u00f3n."}], "lastModified": "2025-03-24T22:15:14.610", "sourceIdentifier": "cve@mitre.org"}