CVE-2025-30117

High CVSS: 7.3

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Managing Settings and Obtaining Sensitive Data and Sabotaging the Car Battery can be performed by unauthorized parties. After bypassing the device pairing, an attacker can obtain sensitive user and vehicle information through the settings interface. Remote attackers can modify power management settings, disable recording, delete stored footage, and turn off battery protection, leading to potential denial-of-service conditions and vehicle battery drainage.

Vendor

Hella

Product

Dr 820 Firmware

CWE

CWE-285

Yayın Tarihi

2025-03-18 15:16:02

Güncelleme

2025-05-22 19:40:48

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-285 Dr 820 Firmware HIGH Hella 2025

Referanslar

https://github.com/geo-chen/Hella https://medium.com/@geochen/cve-draft-hella-driving-recorder-dr-820-ff8c4e2cca26

Benzer Kayıtlar

Critical

CVE-2025-30113

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Hardcoded Credentials exist in the APK for Po…

Critical

CVE-2025-30114

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Bypassing of Device Pairing can occur. The pa…

Critical

CVE-2025-30115

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Default Credentials Cannot Be Changed. It use…

High

CVE-2025-30116

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Remotely Dumping of Video Footage and the Liv…