70mai Dash Cam 1S Improper Authorization Vulnerability in Configuration Handler
Vulnerability
A vulnerability allowing unauthorized configuration changes has been identified in the 70mai Dash Cam 1S, affecting versions through 20250611. The issue resides in the Configuration Handler, specifically the '/cgi-bin/Config.cgi?action=set' endpoint. It stems from improper authorization: the handler lets attackers change settings without notifying the owner and without physical interaction with the device. Exploitation can disrupt the dash cam's battery protection, potentially draining the car's battery.
Impact
Exploitation of this vulnerability allows for unauthorized changes to the dash cam's configuration, including the ability to disable battery protection features, which can lead to battery drain.
Reproduction
To reproduce this vulnerability, connect to the same local network as the 70mai Dash Cam 1S. Once connected, send a request to the '/cgi-bin/Config.cgi?action=set' endpoint with the desired configuration changes. The absence of proper authorization checks will allow these changes to be applied without alerting the dash cam owner or requiring any physical interaction with the device.
Remediation
It is recommended to implement proper firewall rules to block unauthorized access to the dash cam's configuration endpoints.
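A defender's check to go alongside the firewall recommendation, as an added example that is not part of the original advisory: it scans HTTP request logs from a network sensor for calls to the Config.cgi set action coming from hosts outside an allow-list. The log format, the allow-listed address and the PLACEHOLDER_* query parameters are constructed assumptions.

```python
"""Flag config-changing requests to the dash cam from hosts outside an allow-list.
Log format, addresses and PLACEHOLDER_* parameters are constructed assumptions."""
import ipaddress
from urllib.parse import parse_qsl, unquote, urlsplit

CONFIG_PATH = "/cgi-bin/config.cgi"  # endpoint from the advisory, lower-cased
ALLOWED_SOURCES = [ipaddress.ip_network("192.0.2.10/32")]  # assumed: owner's phone

# Constructed sample: "<timestamp> <source ip> <method> <request target>"
SAMPLE_LOG = """\
2025-01-01T10:00:00Z 192.0.2.10 GET /cgi-bin/Config.cgi?action=set&PLACEHOLDER_KEY=PLACEHOLDER_VALUE
2025-01-01T10:00:05Z 192.0.2.77 GET /cgi-bin/Config.cgi?action=set&PLACEHOLDER_KEY=PLACEHOLDER_VALUE
2025-01-01T10:00:09Z 192.0.2.77 GET /cgi-bin/Config.cgi?action=get&PLACEHOLDER_KEY
2025-01-01T10:00:12Z 192.0.2.78 GET /cgi-bin/%43onfig.cgi?ACTION=Set&PLACEHOLDER_KEY=PLACEHOLDER_VALUE
2025-01-01T10:00:15Z 192.0.2.79 GET /index.html
malformed line
"""


def is_config_set(target):
    """True if the request target is Config.cgi with action=set."""
    parts = urlsplit(target)
    # Normalise percent-encoding and case so varied spellings still match.
    if unquote(parts.path).lower() != CONFIG_PATH:
        return False
    return any(k.lower() == "action" and v.lower() == "set"
               for k, v in parse_qsl(parts.query, keep_blank_values=True))


def find_unauthorized_sets(log_text):
    """Return (timestamp, source) for each set request from a non-allowed host."""
    alerts = []
    for line in log_text.splitlines():
        fields = line.split(maxsplit=3)
        if len(fields) != 4:
            continue  # malformed line
        timestamp, src, _method, target = fields
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            continue  # source field is not an IP address
        allowed = any(addr in net for net in ALLOWED_SOURCES)
        if is_config_set(target) and not allowed:
            alerts.append((timestamp, src))
    return alerts


if __name__ == "__main__":
    for ts, src in find_unauthorized_sets(SAMPLE_LOG):
        print(f"ALERT {ts} unauthorized Config.cgi set from {src}")
```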
