Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Dash Cam FX2

Source -

CNA

CNA CVEs -

4

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
4Vulnerabilities found
CVE-2025-2350
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 6.15%
||
7 Day CHG+0.01%
Published-16 Mar, 2025 | 22:00
Updated-17 Mar, 2025 | 16:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IROAD Dash Cam FX2 upload_file unrestricted upload

A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been rated as critical. Affected by this issue is some unknown functionality of the file /action/upload_file. The manipulation leads to unrestricted upload. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-IROAD
Product-Dash Cam FX2
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-2349
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-2.3||LOW
EPSS-0.01% / 1.03%
||
7 Day CHG~0.00%
Published-16 Mar, 2025 | 21:31
Updated-17 Mar, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IROAD Dash Cam FX2 Password Hash passwd weak password hash

A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/passwd of the component Password Hash Handler. The manipulation leads to password hash with insufficient computational effort. Access to the local network is required for this attack. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-IROAD
Product-Dash Cam FX2
CWE ID-CWE-326
Inadequate Encryption Strength
CWE ID-CWE-916
Use of Password Hash With Insufficient Computational Effort
CVE-2025-2348
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.02% / 3.99%
||
7 Day CHG~0.00%
Published-16 Mar, 2025 | 21:00
Updated-17 Mar, 2025 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IROAD Dash Cam FX2 HTTP/RTSP event information disclosure

A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been classified as problematic. Affected is an unknown function of the file /mnt/extsd/event/ of the component HTTP/RTSP. The manipulation leads to information disclosure. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-IROAD
Product-Dash Cam FX2
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-284
Improper Access Control
CVE-2025-2347
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.02% / 4.73%
||
7 Day CHG~0.00%
Published-16 Mar, 2025 | 20:31
Updated-17 Mar, 2025 | 13:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IROAD Dash Cam FX2 Device Registration default password

A vulnerability was found in IROAD Dash Cam FX2 up to 20250308 and classified as problematic. This issue affects some unknown processing of the component Device Registration. The manipulation of the argument Password with the input qwertyuiop leads to use of default password. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-IROAD
Product-Dash Cam FX2
CWE ID-CWE-1393
Use of Default Password