341 matches found
CVE-2025-30117
An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Managing Settings and Obtaining Sensitive Data and Sabotaging the Car Battery can be performed by unauthorized parties. After bypassing the device pairing, an attacker can obtain sensitive user and vehicle information...
CVE-2025-30114
An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Bypassing of Device Pairing can occur. The pairing mechanism relies solely on the connecting device's MAC address. By obtaining the MAC address through network scanning and spoofing it, an attacker can bypass the...
CVE-2025-30115
An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Default Credentials Cannot Be Changed. It uses a fixed default SSID and password "qwertyuiop", which cannot be modified by users. The SSID is continuously broadcast, allowing unauthorized access to the device network...
CVE-2025-30113
An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Hardcoded Credentials exist in the APK for Ports 9091 and 9092. The dashcam's Android application contains hardcoded credentials that allow unauthorized access to device settings through ports 9091 and 9092. These...
CVE-2025-30116
An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Remotely Dumping of Video Footage and the Live Video Stream can occur. It allows remote attackers to access and download recorded video footage from the SD card via port 9091. Additionally, attackers can connect to port 90...
Forvia Hella HELLA Driving Recorder DR 820 安全漏洞
Forvia Hella HELLA Driving Recorder DR 820 is a driving recorder from Forvia. A security vulnerability exists in Forvia Hella HELLA Driving Recorder DR 820, which stems from a device pairing mechanism that relies only on the MAC address of the connected device, allowing an attacker to bypass...
CVE-2025-30117
An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Managing Settings and Obtaining Sensitive Data and Sabotaging the Car Battery can be performed by unauthorized parties. After bypassing the device pairing, an attacker can obtain sensitive user and vehicle information...
CVE-2025-30116
CVE-2025-30116 affects the Forvia Hella HELLA Driving Recorder DR 820. A vulnerability allows remote attackers to dump recorded video footage from the SD card via port 9091 and to stream the live video feed via port 9092 by bypassing the challenge–response authentication. Attack requires network ...
Forvia Hella HELLA Driving Recorder DR 820 安全漏洞
Forvia Hella HELLA Driving Recorder DR 820 is a driving recorder from Forvia. A security vulnerability exists in Forvia Hella HELLA Driving Recorder DR 820 that stems from the use of a fixed default SSID and password that cannot be modified by the user, allowing unauthorized access to the device...
CVE-2025-30117
The CVE-2025-30117 entry concerns the Forvia Hella HELLA Driving Recorder DR 820. After bypassing device pairing, unauthorized remote access can obtain sensitive user/vehicle data via the settings interface. The root cause is the ability to bypass pairing and access settings, enabling manipulatio...
CVE-2025-30114
CVE-2025-30114 affects the Forvia Hella HELLA Driving Recorder DR 820. The issue is a weakness in the pairing mechanism that relies solely on the connecting device’s MAC address, allowing an attacker to bypass authentication by scanning and spoofing the MAC address, potentially gaining full acces...
Forvia Hella HELLA Driving Recorder DR 820 安全漏洞
Forvia Hella HELLA Driving Recorder DR 820 is a driving recorder from Forvia. A security vulnerability exists in the Forvia Hella HELLA Driving Recorder DR 820, which originated from a vulnerability that allows remote attackers to access and download recorded video via port 9091, and stream...
Forvia Hella HELLA Driving Recorder DR 820 安全漏洞
Forvia Hella HELLA Driving Recorder DR 820 is a driving recorder from Forvia. A security vulnerability exists in Forvia Hella HELLA Driving Recorder DR 820, which stems from the use of hard-coded credentials on ports 9091 and 9092 in the APK, which allows an attacker to gain unauthorized access t...
CVE-2025-30117
An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Managing Settings and Obtaining Sensitive Data and Sabotaging the Car Battery can be performed by unauthorized parties. After bypassing the device pairing, an attacker can obtain sensitive user and vehicle information...
CVE-2025-30115
An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Default Credentials Cannot Be Changed. It uses a fixed default SSID and password "qwertyuiop", which cannot be modified by users. The SSID is continuously broadcast, allowing unauthorized access to the device network...
CVE-2025-30114
An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Bypassing of Device Pairing can occur. The pairing mechanism relies solely on the connecting device's MAC address. By obtaining the MAC address through network scanning and spoofing it, an attacker can bypass the...
CVE-2022-3130
A vulnerability classified as critical has been found in codeprojects Online Driving School. This affects an unknown part of the file /login.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the...
Insurance company accused of using secret software to illegally collect and sell location data on millions of Americans
Insurance company Allstate and its subsidiary Arity unlawfully collected, used, and sold data about the location and movement of Texans’ cell phones through secretly embedded software in mobile apps, according to Texas Attorney General Ken Paxton. Attorney General Paxton says the companies didn't...
N-LINE vulnerable to HTML injection
Overview N-LINE provided by NEUMANN CO.LTD. is an online learning management system for driving schools. N-LINE processes inputs with insufficient check CWE-94, and malicious inputs from an student's device may badly impact the instructor's screen. Ayato Shitomi of Fore-Z co.ltd reported this...
JVN#57285747: N-LINE vulnerable to HTML injection
N-LINE provided by NEUMANN CO.LTD. is an online learning management system for driving schools. N-LINE processes inputs with insufficient check CWE-94, and malicious inputs from an student's device may badly impact the instructor's screen. Impact Arbitrary code may be executed on the instructor's...