← Retour aux CVEs

CVE-2025-30127

CRITICAL

9.8

Description

An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Once access is gained either by default, common, or cracked passwords, the video recordings (containing sensitive routes, conversations, and footage) are open for downloading by creating a socket to command port 7777, and then downloading video via port 7778 and audio via port 7779.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie8/6/2025

Derniere modification8/6/2025

Sourcenvd

Observations honeypot0

Faiblesses (CWE)

CWE-200CWE-284CWE-521

References

https://geochen.medium.com/marbella-dashcam-ab40ca41adec(cve@mitre.org)

https://github.com/geo-chen/Marbella/(cve@mitre.org)

https://github.com/geo-chen/Marbella/blob/main/README.md#finding-2---cve-2025-30127-video-recordings-open-to-being-downloaded-via-ports-7777-7778-7779(cve@mitre.org)

https://makagps.com/(cve@mitre.org)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.