CRITICAL🇵🇱 Wersja polska

CVE-2025-30114

CVSS 9.1v3.1pub. 2025-03-18upd. 2025-05-22

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Bypassing of Device Pairing can occur. The pairing mechanism relies solely on the connecting device's MAC address. By obtaining the MAC address through network scanning and spoofing it, an attacker can bypass the authentication process and gain full access to the dashcam's features without proper authorization.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  • Hella Dr 820

    HW
    Hella
    wszystkie wersje
  • Hella Dr 820 Firmware

    OS
    Hella
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2025-30113CRITICAL9.8PL ✓ten sam produkt

Hardcoded Credentials w Hella Driving Recorder DR 820 (porty 9091/9092)

CVE-2025-30115CRITICAL9.8PL ✓ten sam produkt

Hella DR 820: stałe, niezmieniane domyślne dane logowania do sieci Wi-Fi

CVE-2025-30116HIGH7.5ten sam produkt

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Remotely Dumping of Video Footage a...

CVE-2025-30117HIGH7.3ten sam produkt

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Managing Settings and Obtaining Sen...