70mai Dashcam M300 HTTP Server Insufficient Credential Protection Vulnerability
Vulnerability
A vulnerability exists in the 70mai Dashcam M300 in versions prior to 20250611. The issue arises from an unauthenticated HTTP server that exposes sensitive credentials, specifically the root password, which can be accessed by an attacker within the local network. This vulnerability requires a high level of technical skill to exploit, but a public proof-of-concept exploit is available.
Impact
Exploitation of this vulnerability allows unauthorized access to the device's files via the HTTP server and retrieval of the root password hash, which can be cracked to reveal an empty password, granting further access to or control over the device.
Reproduction
To reproduce this vulnerability, connect to the dashcam's network without authentication or device pairing. Access the HTTP server on port 80, which is open by default. Once connected, the root password hash can be obtained from the web server. This hash can be cracked to reveal that the password is empty, allowing for root access.
Remediation
It is recommended to firewall the device to block unauthorized access.
