{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-2347","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-03-15T18:22:33.123Z","datePublished":"2025-03-16T20:31:04.413Z","dateUpdated":"2025-03-17T13:45:11.469Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-03-16T20:31:04.413Z"},"title":"IROAD Dash Cam FX2 Device Registration default password","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-1393","lang":"en","description":"Use of Default Password"}]}],"affected":[{"vendor":"IROAD","product":"Dash Cam FX2","versions":[{"version":"20250308","status":"affected"}],"modules":["Device Registration"]}],"descriptions":[{"lang":"en","value":"A vulnerability was found in IROAD Dash Cam FX2 up to 20250308 and classified as problematic. This issue affects some unknown processing of the component Device Registration. The manipulation of the argument Password with the input qwertyuiop leads to use of default password. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used."},{"lang":"de","value":"Eine problematische Schwachstelle wurde in IROAD Dash Cam FX2 bis 20250308 gefunden. Betroffen davon ist ein unbekannter Prozess der Komponente Device Registration. Durch Manipulieren des Arguments Password mit der Eingabe qwertyuiop mit unbekannten Daten kann eine use of default password-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei im lokalen Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.3,"vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":6.3,"vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":6.3,"vectorString":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":5.8,"vectorString":"AV:A/AC:L/Au:N/C:P/I:P/A:P"}}],"timeline":[{"time":"2025-03-15T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-03-15T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-03-15T19:27:56.000Z","lang":"en","value":"VulDB entry last update"}],"references":[{"url":"https://vuldb.com/?id.299813","name":"VDB-299813 | IROAD Dash Cam FX2 Device Registration default password","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.299813","name":"VDB-299813 | CTI Indicators (IOB, IOC, IOA)","tags":["signature","permissions-required"]},{"url":"https://github.com/geo-chen/IROAD?tab=readme-ov-file#finding-7-bypass-of-device-pairingregistration-for-iroad-fx2","tags":["exploit"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-03-17T13:41:53.931142Z","id":"CVE-2025-2347","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-03-17T13:45:11.469Z"}}]}}