70mai Dashcam Omni X200 Unauthenticated Access to HTTP Server Exposing Default Credentials
Vulnerability
A vulnerability exists in the 70mai Dashcam Omni X200 in firmware versions prior to 20251010. The issue arises from an unauthenticated HTTP web server that exposes all files on the device to any client that has joined the dashcam's network using its default credentials. Because neither the HTTP nor the RTSP service requires authentication, the physical device pairing step is bypassed entirely. Exploiting this vulnerability reveals the root password, which can be read through the HTTP server.
Impact
Exploitation of this vulnerability allows for unauthorized access to the dashcam's files via the HTTP server, including the exposure of the root password. This access is granted without authentication or the need for physical device pairing, creating a significant security risk.
Reproduction
To reproduce this vulnerability, connect to the dashcam's network using default credentials. Once connected, access the HTTP server on port 80. The server will respond with all files stored on the device, including the root password, which is available as a hashed value. The RTSP port 554 can also be accessed to stream live video from the dashcam, without authentication.
Remediation
It is recommended to apply firewall rules to block unauthorized access to the dashcam's HTTP server.
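As an added illustration of that recommendation (not part of the advisory or the vendor's guidance), the nftables ruleset below is meant for a Linux gateway placed between client devices and the dashcam; it admits only one trusted client to the two unauthenticated services named above and logs every other attempt. The dashcam address 192.168.50.10 and the trusted client 192.168.50.2 are placeholders.

```nftables
# Added example, not from the advisory. Assumptions: the dashcam is reachable
# at 192.168.50.10 (placeholder) and 192.168.50.2 (placeholder) is the single
# client allowed to use the companion app; the gateway forwards traffic between them.
table inet dashcam_guard {
    chain forward {
        type filter hook forward priority 0; policy accept;

        # Only the trusted client may reach the unauthenticated HTTP (80) and RTSP (554) ports.
        ip saddr 192.168.50.2 ip daddr 192.168.50.10 tcp dport { 80, 554 } accept

        # Everything else aimed at those ports is logged (for detection) and dropped.
        ip daddr 192.168.50.10 tcp dport { 80, 554 } log prefix "dashcam-blocked: " drop
    }
}
```

Load it with `nft -f <file>` and review the kernel log for the `dashcam-blocked:` prefix to see which hosts are probing the device.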
