IROAD Dash Cam FX2 Exposed Root Password Vulnerability

A vulnerability exists in the IROAD Dash Cam FX2 in versions prior to 20250308, related to the Password Hash Handler component. The issue arises because the dash cam stores root credentials in the /etc/passwd and /etc/shadow files, using a password hashing method that lacks sufficient computational effort, making it easier to crack the password. This vulnerability requires access to the local network for exploitation, and while the exploitation is considered difficult, a public proof-of-concept exploit is available.

Impact

Exploitation of this vulnerability allows for unauthorized access to the dash cam with root privileges, revealing the root password and WiFi password, which is stored in plaintext. This access could be used for persistent unauthorized access to the device.

Reproduction

To reproduce this vulnerability, connect to the dash cam's WiFi network using the default password. Once connected, access the dash cam's HTTP server without going through the required device registration process. The root credentials can then be extracted from the /etc/passwd and /etc/shadow files, cracked to reveal the password, and used to gain root access on the device.