IROAD Dashcam FX2 Device Pairing Bypass Vulnerability
Vulnerability
A vulnerability exists in the IROAD Dashcam FX2 that allows attackers to bypass the device pairing and registration process. This issue arises because the dashcam's HTTP server does not enforce pairing requirements, leaving the device open to unauthorized access. To exploit this vulnerability, an attacker must connect to the dashcam's Wi-Fi network using the default password. Once connected, they can access the HTTP server without completing the pairing process. This intrusion goes undetected, as the dashcam does not alert the user when a connection is made.
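The root cause above is that pairing is not checked by the HTTP server itself. The following is an added example, not IROAD's firmware or code from the original advisory, showing one way a server can enforce pairing on every request and record unpaired attempts so they do not go unnoticed. The class name, the `/settings` and `/recordings` paths, the per-client token scheme and the physical confirmation step are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class PairingGate:
    """Server-side pairing enforcement for a dashcam-style HTTP API (hypothetical design)."""

    def __init__(self):
        self._token_hashes = {}  # client_id -> SHA-256 of the token issued at pairing
        self.alerts = []         # events the device should surface to the owner

    def pair(self, client_id, owner_confirmed):
        # Assumption: pairing needs a physical confirmation on the device,
        # so joining the Wi-Fi network alone is never sufficient.
        if not owner_confirmed:
            self.alerts.append(("pairing_rejected", client_id))
            return None
        token = secrets.token_urlsafe(32)
        self._token_hashes[client_id] = hashlib.sha256(token.encode()).digest()
        return token

    def is_paired(self, client_id, token):
        stored = self._token_hashes.get(client_id)
        if stored is None or not token:
            return False
        presented = hashlib.sha256(token.encode()).digest()
        return hmac.compare_digest(stored, presented)  # constant-time comparison

    def handle(self, path, client_id=None, token=None):
        """Return an HTTP status code; every route is denied by default."""
        if self.is_paired(client_id, token):
            return 200
        # Record the attempt so an unpaired connection is visible to the owner.
        self.alerts.append(("unpaired_request", client_id, path))
        return 401


def demo():
    # Constructed requests; paths and client names are hypothetical.
    gate = PairingGate()
    token = gate.pair("owner-phone", owner_confirmed=True)
    statuses = [
        gate.handle("/settings"),                            # no credentials
        gate.handle("/recordings", "owner-phone", "guess"),  # wrong token
        gate.handle("/recordings", "owner-phone", token),    # paired client
        gate.handle("/settings", "stranger", token),         # token is bound to its client
    ]
    return statuses, gate.alerts
```

The point of the design is that network reachability grants nothing: the check runs in the request path for every route, and each refusal leaves an alert the device can show to the owner.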
Impact
Exploitation of this vulnerability allows for unauthorized access to the dashcam, including the ability to modify settings, access video recordings, and disrupt the device's functionality.
Reproduction
To reproduce this vulnerability, connect to the IROAD Dashcam FX2's Wi-Fi network using the default password. After establishing a connection, access the dashcam's HTTP server at 192.168.10.1. This can be done without going through the required pairing process, and the dashcam will not provide any notification of the connection.
