Forvia Hella Driving Recorder DR 820 Video Access Vulnerability

A vulnerability in the Forvia Hella Driving Recorder DR 820 allows remote attackers to access and download recorded video footage from the device's SD card via port 9091. Additionally, attackers can stream the live video feed through port 9092 by bypassing the challenge-response authentication mechanism. This issue exposes sensitive location and personal data.

Impact

Exploitation of this vulnerability allows for unauthorized access to recorded and live video footage, including sensitive location and personal information.

Reproduction

The vulnerability can be reproduced by connecting to the Hella Driving Recorder DR 820 over the network. Once connected, authenticated access can be gained using the hardcoded credentials found in the application's APK. After authentication, recorded videos can be downloaded from port 9091, and the live video stream can be accessed through port 9092.