Description

An issue was discovered on IROAD Dashcam FX2 devices. Dumping Files Over HTTP and RTSP Without Authentication can occur. It lacks authentication controls on its HTTP and RTSP interfaces, allowing attackers to retrieve sensitive files and video recordings. By connecting to http://192.168.10.1/mnt/extsd/event/, an attacker can download all stored video recordings in an unencrypted manner. Additionally, the RTSP stream on port 8554 is accessible without authentication, allowing an attacker to view live footage.

INFO

Published Date :

2025-07-25T00:00:00.000Z

Last Modified :

2025-07-25T19:42:32.655Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-30135 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-30135.

URL Resource
https://github.com/geo-chen/IROAD?tab=readme-ov-file#finding-13---cve-2025-30135-locking-owner-out-of-device-dos cve-icon cve-icon
https://github.com/geo-chen/IROAD?tab=readme-ov-file#finding-8-dumping-files-over-http-and-rtsp-without-authentication cve-icon cve-icon
https://www.iroadau.com.au/downloads/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact