CVE-2025-30116

High

Published: 18 March 2025

Modified: 22 May 2025
KEV Added
Patch
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0024 (46.3th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Description

Security Summary

CVE-2025-30116, published on 2025-03-18, affects the Forvia Hella HELLA Driving Recorder DR 820. This vulnerability, rooted in CWE-287 (Improper Authentication), allows remote dumping of recorded video footage from the device's SD card via port 9091 and access to the live video stream via port 9092. Attackers can bypass the challenge-response authentication mechanism, exposing sensitive location and personal data. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high confidentiality impact with low complexity.

Remote attackers with network access to the device can exploit this without privileges or user interaction. By connecting directly to the specified ports, they can download all stored video footage from the SD card and stream live video feeds, compromising privacy through revelation of vehicle paths, occupants, and other recorded details.

Researcher advisories are available at https://github.com/geo-chen/Hella and https://medium.com/@geochen/cve-draft-hella-driving-recorder-dr-820-ff8c4e2cca26, which detail the issue and likely include proof-of-concept demonstrations, though no vendor patches or specific mitigations are referenced in the CVE description.

Details

CWE(s)
CWE-287

Affected Products

Vendor: hella
Product: dr 820 firmware
Versions: all versions

MITRE ATT&CK Enterprise Techniques

T1005 Data from Local System (Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

T1025 Data from Removable Media (Collection)
Adversaries may search connected removable media on computers they have compromised to find files of interest.

T1083 File and Directory Discovery (Discovery)
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.

T1125 Video Capture (Collection)
An adversary can leverage a computer's peripheral devices (e.

T1614 System Location Discovery (Discovery)

Why these techniques?

The vulnerability enables unauthorized remote listing (T1083) and dumping of video footage from the local system and SD card removable media (T1005, T1025), live video streaming (T1125), and extraction of sensitive location data (T1614).

References