{"uuid": "e2be7d08-c7ef-47f1-8bad-5315dca751c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30131", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19623", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30131\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue was discovered on IROAD Dashcam FX2 devices. An unauthenticated file upload endpoint can be leveraged to execute arbitrary commands by uploading a CGI-based webshell. Once a file is uploaded, the attacker can execute commands with root privileges, gaining full control over the dashcam. Additionally, by uploading a netcat (nc) binary, the attacker can establish a reverse shell, maintaining persistent remote and privileged access to the device. This allows complete device takeover.\n\ud83d\udccf Published: 2025-06-26T00:00:00.000Z\n\ud83d\udccf Modified: 2025-06-26T16:20:39.134Z\n\ud83d\udd17 References:\n1. https://www.iroadau.com.au/downloads/\n2. https://github.com/geo-chen/IROAD?tab=readme-ov-file#finding-11---cve-2025-30131-unrestricted-webshell", "creation_timestamp": "2025-06-26T16:51:41.000000Z"}