Súbít #595444: 70mai dashcam Dash Cam 1S Improper Access Controlsbayani

Kura70mai dashcam Dash Cam 1S Improper Access Controls
GaskiyaOnce connected to the network of 70mai Dashcam 1S, all video recordings can be dumped via http://x.x.x.x/SD/Normal/$FILE_NAME without any http-level authentication: http://x.x.x.x/SD/Normal/$FILE_NAME The RTSP feed can also be accessed directly at port 554 - rtsp://x.x.x.x/liveRTSP/av4: rtsp://x.x.x.x/liveRTSP/av4 A remote attacker nearby can connect to the dashcam to view livestream or dump recorded sensitive media files.
Manga⚠️ https://github.com/geo-chen/70mai/blob/main/README.md#finding-2-unauthenticated-file-storage-allowing-remote-dumping-of-video-footage-and-live-video-stream
Màdùmga
 geochen (UID 78995)
Furta06/11/2025 17:17 (8 Wurɗi 전)
Gargajiya06/23/2025 16:11 (12 days later)
HalittaShingilam
VulDB gite313641 [70mai 1S har 20250611 Video Services karkar ndiyamga taƙa]
Nganji20

Interested in the pricing of exploits?

See the underground prices here!