Thinkware Car Dashcam F800 Pro File Storage Component Access Control Vulnerability

A critical vulnerability has been identified in the Thinkware Car Dashcam F800 Pro, affecting versions through 20250226. The issue arises from improper access controls in the file storage component, allowing an attacker to write arbitrary files or malware to the dashcam. This vulnerability can be exploited remotely within the local network.

Impact

Exploitation of this vulnerability allows for unauthorized write access to the dashcam's file storage, potentially leading to the execution of malicious files or malware on the device.

Reproduction

To reproduce this vulnerability, connect to the dashcam's Wi-Fi network using the default credentials. Once connected, access the RTSP feed and download video recordings via Telnet. During this process, the dashcam will not indicate any activity, leaving the owner unaware of the exploitation.