BlackVue Dashcam 590X Unauthenticated File Upload Vulnerability
Vulnerability
A critical vulnerability affects the BlackVue Dashcam 590X in versions up to 20250624. The HTTP endpoint '/upload.cgi' accepts file uploads without restriction, so it can be used to upload malicious files or malware to the device. Exploitation is only possible from within the local network. The vulnerability has been publicly disclosed, and an exploit is available.
Impact
Exploitation of this vulnerability allows for unauthorized file uploads, which could lead to the execution of malicious code or malware on the dashcam.
Reproduction
The vulnerability can be reproduced by accessing the '/upload.cgi' endpoint on the dashcam's HTTP server from within the local network. The endpoint requires no authentication, so uploads are accepted from unauthenticated clients.
Remediation
It is recommended to implement restrictive firewall rules to block unauthorized access to the vulnerable upload endpoint.
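To confirm that such a rule is effective, or to spot upload attempts while it is not yet in place, HTTP logs can be checked for requests to '/upload.cgi'. The following is an added example, not part of the original advisory or vendor code; it assumes a gateway or sensor in front of the dashcam that writes common-format access logs, and the addresses, allowlist and log lines are constructed.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote

UPLOAD_PATH = "/upload.cgi"  # endpoint named in the advisory
# Assumption: hosts permitted to reach the dashcam (constructed value).
ALLOWED_SOURCES = [ipaddress.ip_network("192.168.10.5/32")]
# Common log format: src ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
SAMPLE_LOG = [  # constructed sample lines, not captured traffic
    '192.168.10.5 - - [01/Jul/2025:10:00:01 +0000] "POST /upload.cgi HTTP/1.1" 200 12',
    '192.168.10.23 - - [01/Jul/2025:10:02:17 +0000] "POST /upload.cgi HTTP/1.1" 200 12',
    '192.168.10.23 - - [01/Jul/2025:10:02:40 +0000] "POST /%75pload.cgi?a=1 HTTP/1.1" 200 12',
    '192.168.10.40 - - [01/Jul/2025:10:05:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.168.10.41 - - [01/Jul/2025:10:06:00 +0000] "POST //./Upload.CGI HTTP/1.1" 403 0',
]

def normalize_path(target):
    """Canonicalize a request target so differently written paths compare equal."""
    path = unquote(target.split("?", 1)[0])            # drop query, decode %xx
    path = posixpath.normpath("/" + path.lstrip("/"))  # collapse //, ./ and ../
    return path.lower()  # conservative: match regardless of letter case

def is_allowed(src):
    """True only if src is an IP address inside the allowlist."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in ALLOWED_SOURCES)

def find_upload_attempts(lines):
    """Return requests to the upload endpoint from non-allowlisted sources."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or normalize_path(m["target"]) != UPLOAD_PATH:
            continue
        if not is_allowed(m["src"]):
            hits.append({"src": m["src"], "time": m["ts"],
                         "target": m["target"], "status": int(m["status"])})
    return hits

if __name__ == "__main__":
    for hit in find_upload_attempts(SAMPLE_LOG):
        print(hit)
```

A hit whose status is not the gateway's block response indicates the request was forwarded to the device, so the rule is missing or too permissive.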
