Vulnerability Description
An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Via port 7777 without any need to pair or press a physical button, a remote attacker can disable recording, delete recordings, or even disable battery protection to cause a flat battery to essentially disable the car from being used. During the process of changing these settings, there are no indications or sounds on the dashcam to alert the dashcam owner that someone else is making those changes.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://geochen.medium.com/marbella-dashcam-ab40ca41adec
- https://github.com/geo-chen/IROAD-V?tab=readme-ov-file#finding-7---cve-2025-3010
- https://github.com/geo-chen/Marbella/
- https://makagps.com/
FAQ
What is CVE-2025-30126?
CVE-2025-30126 is a vulnerability with a CVSS score of 5.3 (MEDIUM). An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Via port 7777 without any need to pair or press a physical button, a remote attacker can disable recording, delete recordings, or eve...
How severe is CVE-2025-30126?
CVE-2025-30126 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-30126?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.