Marbella Dashcam KR8s Unauthenticated Media Download Vulnerability

Vulnerability

A vulnerability exists in the Marbella KR8s Dashcam model FF 2.0.8, allowing unauthorized access to video and audio recordings. This issue arises from weak password protection: the dashcams ship with a default password that is easily guessable. Once access is obtained, whether through a default, common, or cracked password, the sensitive media files can be downloaded without any authentication. The vulnerability is exploited by creating a socket connection to the dashcam's command port and then accessing the media through designated audio and video ports.

Impact

Exploitation of this vulnerability allows for the unauthorized downloading of sensitive video and audio recordings from the dashcam. The downloaded video files could contain private conversations and footage, as well as sensitive location data.

Reproduction

To reproduce this vulnerability, first gain access to the dashcam using the default password or a commonly used password. After accessing the dashcam, create a socket connection to port 7777 to establish a command channel. Once the connection is open, video recordings can be downloaded through port 7778 and audio recordings through port 7779. This process can be automated with a script that handles the socket connections and file downloads.
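For detection, the port sequence described above can be matched in network flow records. The following is an added example, not part of the original advisory: the flow-record format, the 300-second window and the sample records are assumptions constructed for illustration.

```python
CMD_PORT, VIDEO_PORT, AUDIO_PORT = 7777, 7778, 7779  # ports named in the advisory
WINDOW_S = 300  # assumed correlation window; tune for your environment

# Constructed sample flow records: "epoch_seconds src_ip dst_ip dst_port"
SAMPLE_FLOWS = """\
1000 192.168.1.50 192.168.1.254 7777
1004 192.168.1.50 192.168.1.254 7778
1009 192.168.1.50 192.168.1.254 7779
1010 192.168.1.60 192.168.1.254 80
2000 192.168.1.70 192.168.1.254 7778
9000 192.168.1.80 192.168.1.254 7777
9900 192.168.1.80 192.168.1.254 7779
"""

def parse_flows(text):
    """Yield (ts, src, dst, port) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield int(parts[0]), parts[1], parts[2], int(parts[3])
        except ValueError:
            continue

def find_media_pulls(text, window=WINDOW_S):
    """Flag a client that opens the command port and then a media port
    on the same device within `window` seconds."""
    last_cmd = {}  # (src, dst) -> time of latest command-port connection
    alerts = []
    for ts, src, dst, port in sorted(parse_flows(text)):
        key = (src, dst)
        if port == CMD_PORT:
            last_cmd[key] = ts
        elif port in (VIDEO_PORT, AUDIO_PORT) and key in last_cmd:
            delay = ts - last_cmd[key]
            if 0 <= delay <= window:
                kind = "video" if port == VIDEO_PORT else "audio"
                alerts.append({"src": src, "dst": dst,
                               "kind": kind, "delay_s": delay})
    return alerts

if __name__ == "__main__":
    for alert in find_media_pulls(SAMPLE_FLOWS):
        print(alert)
```

A media-port connection with no preceding command-port connection, or one outside the window, is not flagged by this logic.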

Added: Aug 6, 2025, 5:21 PM
Updated: Aug 6, 2025, 6:20 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 6.2
remediation: 0.0
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.