Marbella KR8s Dashcam Remote Configuration Vulnerability
Vulnerability
A vulnerability in the Marbella KR8s Dashcam model FF 2.0.8 allows remote attackers to manipulate the device's settings without authentication. Exploitation takes place over port 7777, where attackers can disable recording, delete saved footage, or turn off battery protection, the last of which leads to a drained battery that renders the vehicle inoperable. Notably, these changes occur silently, without any alerts or notifications to the dashcam owner.
Impact
Exploitation of this vulnerability allows for unauthorized changes to the dashcam's settings, including disabling recording and deleting saved videos. Additionally, turning off battery protection can cause the vehicle's battery to drain overnight, potentially leading to battery failure and rendering the car unusable.
Reproduction
The vulnerability can be reproduced by connecting to the dashcam's Wi-Fi network and accessing port 7777. Once connected, an attacker can send commands to disable recording, delete recordings, or turn off battery protection, all without any form of authentication or notification to the dashcam owner.
