CVE-2025-30114

Critical CVSS: 9.1

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Bypassing of Device Pairing can occur. The pairing mechanism relies solely on the connecting device's MAC address. By obtaining the MAC address through network scanning and spoofing it, an attacker can bypass the authentication process and gain full access to the dashcam's features without proper authorization.

Vendor

Hella

Product

Dr 820 Firmware

CWE

CWE-287

Yayın Tarihi

2025-03-18 15:16:02

Güncelleme

2025-05-22 19:46:19

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-287 Dr 820 Firmware CRITICAL Hella 2025

Referanslar

https://github.com/geo-chen/Hella https://medium.com/@geochen/cve-draft-hella-driving-recorder-dr-820-ff8c4e2cca26

Benzer Kayıtlar

Critical

CVE-2025-30113

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Hardcoded Credentials exist in the APK for Po…

Critical

CVE-2025-30115

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Default Credentials Cannot Be Changed. It use…

High

CVE-2025-30116

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Remotely Dumping of Video Footage and the Liv…

High

CVE-2025-30117

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Managing Settings and Obtaining Sensitive Dat…