Cyber Posture

CVE-2025-30111

High

Published: 18 March 2025

Modified: 15 April 2026
KEV Added:
Patch:
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0031 (54.1th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Description

Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

Security Summary

CVE-2025-30111 is a missing authentication vulnerability (CWE-306) affecting IROAD v9 dashcam devices. The flaw exposes endpoints that permit listing and downloading of recorded video footage as well as access to live video streams without proper authentication. Published on March 18, 2025, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high severity due to significant confidentiality impact.

Attackers with network access to the device can exploit this vulnerability remotely without privileges or user interaction. The description notes that unauthorized users who have gained access through other means—such as the device being exposed online or on an accessible network—can directly dump video footage and live streams, compromising sensitive surveillance data.

References include a GitHub repository at https://github.com/geo-chen/IROAD-V, likely containing proof-of-concept details, and a product page at https://iroad-dashcam.nl/iroad/iroad-x5/ for the affected IROAD X5 model. No specific mitigation or patch information is detailed in the available data.

Details

CWE(s)
CWE-306

MITRE ATT&CK Enterprise Techniques

T1190: Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1005: Data from Local System (Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

Why these techniques?

Missing authentication on exposed endpoints enables remote exploitation of a public-facing application (T1190) and directly facilitates unauthorized collection of video files and streams from local system storage (T1005).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
