i-Drive Dashcam i11 and i12 Default WiFi Password Vulnerability
Vulnerability
A vulnerability exists in the i-Drive i11 and i12 dashcam models, all firmware versions prior to 20250227, related to the WiFi component. The issue arises from the use of a static default password that cannot be changed, effectively reducing security to a single factor. Although this password is paired with a second authentication factor through device pairing, the unchangeable nature of the password allows nearby attackers to connect to the dashcam's network and intercept traffic.
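An added example (not from the advisory or the vendor) for triaging a fleet inventory against the affected range stated above: i11 and i12 units with firmware prior to 20250227. It assumes firmware is reported as an 8-digit YYYYMMDD build string; the CSV columns, asset names and sample rows are constructed.

```python
import csv
import io
import re
from datetime import date

AFFECTED_MODELS = {"i11", "i12"}        # models named in the advisory
FIRST_UNAFFECTED = date(2025, 2, 27)    # builds prior to 20250227 are affected

# Constructed sample inventory; column names and values are hypothetical.
SAMPLE_INVENTORY = """asset,model,firmware
van-01,i11,20241105
van-02,i-Drive i12,20250227
van-03,I12,20250301
van-04,i12,v1.4.2
van-05,i9,20230101
van-06,i11,20251340
"""

def parse_build(fw):
    """Return the build date for an 8-digit YYYYMMDD string, else None."""
    m = re.fullmatch(r"\s*(\d{4})(\d{2})(\d{2})\s*", fw)
    if not m:
        return None
    try:
        return date(*map(int, m.groups()))
    except ValueError:                  # e.g. month 13: not a real date
        return None

def classify(model, fw):
    """Return 'affected', 'not-affected', 'unknown' or 'not-listed'."""
    short = model.lower().replace("i-drive", "").strip()
    if short not in AFFECTED_MODELS:
        return "not-listed"             # model is not named in the advisory
    build = parse_build(fw)
    if build is None:
        return "unknown"                # do not guess: check the unit itself
    return "affected" if build < FIRST_UNAFFECTED else "not-affected"

def audit(inventory_csv):
    """Map each asset in the CSV text to its classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["asset"]: classify(r["model"], r["firmware"]) for r in rows}

if __name__ == "__main__":
    for asset, status in audit(SAMPLE_INVENTORY).items():
        print(f"{asset}: {status}")
```

Units reported as "unknown" have a firmware string that does not parse as a build date and need to be checked by hand rather than assumed safe.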
Impact
Exploitation of this vulnerability allows unauthorized access to the dashcam's WiFi network, where an attacker can intercept data traffic. Furthermore, this vulnerability enables bypassing of the device pairing process, granting access to the dashcam without authorization.
Reproduction
The vulnerability can be reproduced by connecting to the i-Drive dashcam's WiFi network. Once connected, an attacker can access the device through ports 9091 and 9092, using hardcoded credentials found in the dashcam's mobile application. This access allows for enumeration of video recordings, live streaming footage, and manipulation of the dashcam's settings.
