CVE-2025-30109

In the IROAD APK 5.2.5, there are Hardcoded Credentials in the APK for ports 9091 and 9092. The mobile application for the dashcam contains hardcoded credentials that allow an attacker on the local Wi-Fi network to access API endpoints and retrieve sensitive device information, including live and...

CVE-2025-30113

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Hardcoded Credentials exist in the APK for Ports 9091 and 9092. The dashcam's Android application contains hardcoded credentials that allow unauthorized access to device settings through ports 9091 and 9092. These...

Malicious code in axonify (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 22991c04631c7553b040a72573bc7d0ad80886ab6bc834ac43f1e1611f85ea02 The package is capable of installing malware from a hardcoded URL. The malware is well-recognized and acts as infostealer. Interestingly, it uses Steam profile...

MAL-2025-191688 Malicious code in axonify (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 22991c04631c7553b040a72573bc7d0ad80886ab6bc834ac43f1e1611f85ea02 The package is capable of installing malware from a hardcoded URL. The malware is well-recognized and acts as infostealer. Interestingly, it uses Steam profile...

Exploit for Use of Hard-coded Credentials in Tp-Link Tl-Wr845N_Firmware

Poc-CVE-2024-57040 CVE-2024-57040 is a security vulnerability...

CVE-2025-30137

An issue was discovered in the G-Net GNET APK 2.6.2. Hardcoded credentials exist in in APK for ports 9091 and 9092. The GNET mobile application contains hardcoded credentials that provide unauthorized access to the dashcam's API endpoints on ports 9091 and 9092. Once the GNET SSID is connected to...

CVE-2025-30123

CVE-2025-30123 affects ROADCAM X3 devices; the Viidure mobile APK contains hardcoded FTP credentials for the FTPX user, enabling unauthorized access and extraction of sensitive recorded footage. Vulnerable component: the APK (Viidure) with hardcoded credentials; root cause is credential exposure ...

CVE-2025-30113

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Hardcoded Credentials exist in the APK for Ports 9091 and 9092. The dashcam's Android application contains hardcoded credentials that allow unauthorized access to device settings through ports 9091 and 9092. These...

CVE-2025-30123

An issue was discovered on ROADCAM X3 devices. The mobile app APK Viidure contains hardcoded FTP credentials for the FTPX user account, enabling attackers to gain unauthorized access and extract sensitive recorded footage from the device...

CVE-2025-30109

In the IROAD APK 5.2.5, there are Hardcoded Credentials in the APK for ports 9091 and 9092. The mobile application for the dashcam contains hardcoded credentials that allow an attacker on the local Wi-Fi network to access API endpoints and retrieve sensitive device information, including live and...

CVE-2025-30106

On IROAD v9 devices, the dashcam has hardcoded default credentials "qwertyuiop" that cannot be changed by the user. This allows an attacker within Wi-Fi range to connect to the device's network to perform sniffing...

GNET G-ONX 安全漏洞

GNET G-ONX is a series of car recorders from GNET. A security vulnerability exists in GNET G-ONX version 2.6.2, which stems from the inclusion of hard-coded credentials in the APK that could lead to unauthorized access...

CVE-2025-30137

An issue was discovered in the G-Net GNET APK 2.6.2. Hardcoded credentials exist in in APK for ports 9091 and 9092. The GNET mobile application contains hardcoded credentials that provide unauthorized access to the dashcam's API endpoints on ports 9091 and 9092. Once the GNET SSID is connected to...

CVE-2025-30109

CVE-2025-30109 affects the IROAD APK (version 5.2.5). The issue arises from hardcoded credentials in the APK for ports 9091 and 9092, enabling an attacker on the local Wi‑Fi network to access API endpoints and retrieve sensitive device information, including live and recorded footage. The provide...

CVE-2025-30113

CVE-2025-30113 affects the Forvia Hella HELLA Driving Recorder DR 820. The dashcam Android APK stores hardcoded credentials in cleartext, enabling unauthorized access to device settings via network ports 9091 and 9092. Affects the dashcam/app, with root cause described as hardcoded credentials in...

CVE-2025-30109

In the IROAD APK 5.2.5, there are Hardcoded Credentials in the APK for ports 9091 and 9092. The mobile application for the dashcam contains hardcoded credentials that allow an attacker on the local Wi-Fi network to access API endpoints and retrieve sensitive device information, including live and...

CVE-2025-30137

CVE-2025-30137 affects the G-Net GNET APK 2.6.2. The issue is hardcoded credentials in the APK that grant unauthorized access to dashcam API endpoints on ports 9091 and 9092. Credentials reported: for port 9091, TibetList and 000000 to list settings; for port 9092 (stream), admin + tibet. Setting...

CVE-2025-30106

The CVE-2025-30106 entry concerns IROAD v9 dashcams that ship with hardcoded default credentials ("qwertyuiop") which cannot be changed by the user. The credential hardening absence enables an attacker within Wi‑Fi range to connect to the device’s network for sniffing. Public sources in the conne...

CVE-2025-30113

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Hardcoded Credentials exist in the APK for Ports 9091 and 9092. The dashcam's Android application contains hardcoded credentials that allow unauthorized access to device settings through ports 9091 and 9092. These...

CVE-2025-1724

Zohocorp's ManageEngine Analytics Plus and Zoho Analytics on-premise versions older than 6130 are vulnerable to an AD only account takeover because of a hardcoded sensitive token...