CRITICAL🇵🇱 Wersja polska

CVE-2025-30115

CVSS 9.8v3.1pub. 2025-03-18upd. 2025-05-22

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Default Credentials Cannot Be Changed. It uses a fixed default SSID and password ("qwertyuiop"), which cannot be modified by users. The SSID is continuously broadcast, allowing unauthorized access to the device network.

🤖 AI Analysis
How it works

The DR 820 dash cam broadcasts a fixed SSID at all times while operating, and the Wi-Fi network password is hardcoded in the firmware and cannot be changed by the user. Since both the SSID and password are identical for all instances of this device and publicly known, anyone within network range can connect to the device without any authorization. The vulnerability is classified as CWE-259 (use of hardcoded password).

Impact

An attacker within Wi-Fi range can gain unauthorized access to the device's network, potentially enabling data interception, interference with dash cam operation, or further attacks on related devices on the network.

Mitigation & patch

Apply patches available from the manufacturer according to the references. Until a fix is released, it is recommended to restrict physical accessibility of the device and monitor for unauthorized Wi-Fi connections in its vicinity.

Who is affected

Forvia Hella Driving Recorder DR 820 (Hella DR 820 Firmware / Hella DR 820) — specific firmware versions were not indicated in the description; the vulnerability affects the device in its default configuration

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Hella Dr 820

    HW
    Hella
    wszystkie wersje
  • Hella Dr 820 Firmware

    OS
    Hella
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-30113CRITICAL9.8PL ✓ten sam produkt

Hardcoded Credentials w Hella Driving Recorder DR 820 (porty 9091/9092)

CVE-2025-30114CRITICAL9.1PL ✓ten sam produkt

Hella DR 820: Pominięcie uwierzytelniania przez spoofing adresu MAC

CVE-2025-30116HIGH7.5ten sam produkt

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Remotely Dumping of Video Footage a...

CVE-2025-30117HIGH7.3ten sam produkt

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Managing Settings and Obtaining Sen...