CVE-2025-30113

Critical

Published: 18 March 2025

Published

18 March 2025

Modified

22 May 2025

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0011 28.8th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

Security Summary

CVE-2025-30113 affects the Forvia Hella HELLA Driving Recorder DR 820, specifically its Android application (APK). The vulnerability involves hardcoded credentials stored in cleartext, enabling unauthorized access to device settings via ports 9091 and 9092. Classified as CWE-798 (Use of Hard-coded Credentials), it was published on 2025-03-18 and carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its potential for severe impact.

An attacker who gains access to the dashcam's network can exploit these credentials remotely without requiring privileges, authentication, or user interaction. Successful exploitation grants unauthorized control over device settings, compromising confidentiality, integrity, and availability to a high degree.

Advisories and related resources, including the GitHub repository at https://github.com/geo-chen/Hella and the Medium post at https://medium.com/@geochen/cve-draft-hella-driving-recorder-dr-820-ff8c4e2cca26, provide further technical details on the issue. No specific patches or mitigation steps are detailed in the core CVE information.

Details

CWE(s): CWE-798

Affected Products

hella

dr 820 firmware

all versions

MITRE ATT&CK Enterprise Techniques

T1078.001 Default Accounts Stealth

Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.

attack.mitre.org →

T1552.001 Credentials In Files Credential Access

Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.

attack.mitre.org →

T1005 Data from Local System Collection

Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

attack.mitre.org →

T1082 System Information Discovery Discovery

An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture.

attack.mitre.org →

T1083 File and Directory Discovery Discovery

Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.

attack.mitre.org →

T1070.004 File Deletion Stealth

Adversaries may delete files left behind by the actions of their intrusion activity.

attack.mitre.org →

T1125 Video Capture Collection

An adversary can leverage a computer's peripheral devices (e.

attack.mitre.org →

T1614 System Location Discovery Discovery

attack.mitre.org →

Why these techniques?

Hardcoded credentials enable unauthorized access to API (port 9091) and RTSP (port 9092), facilitating default/valid account usage, unsecured credentials in files, system/file discovery via settings and video lists, video capture via live stream, data from local system (footage), location discovery from recordings, and file deletion.

References

https://github.com/geo-chen/Hella
Third Party Advisory · cve@mitre.org
https://medium.com/@geochen/cve-draft-hella-driving-recorder-dr-820-ff8c4e2cca26
Permissions Required · cve@mitre.org