{"vulnerability": "CVE-2025-3013", "sightings": [{"uuid": "449332c6-f8f5-462b-8630-d461b0cfcb47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30132", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkobiehzdu2h", "content": "", "creation_timestamp": "2025-03-18T18:13:39.798597Z"}, {"uuid": "d19a825f-2f47-4926-9f07-8f6a7ebd77a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30132", "type": "seen", "source": "MISP/02fb130c-7874-4693-9b66-81ed91a2e996", "content": "", "creation_timestamp": "2025-08-21T03:19:28.000000Z"}, {"uuid": "12930337-31e6-4a77-acef-efc5fa22877b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30131", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lsjxubzkqi23", "content": "", "creation_timestamp": "2025-06-26T20:32:07.522400Z"}, {"uuid": "ca487073-bd97-451f-9779-757893510c90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30132", "type": "seen", "source": "MISP/02fb130c-7874-4693-9b66-81ed91a2e996", "content": "", "creation_timestamp": "2025-08-12T13:33:28.000000Z"}, {"uuid": "639c13a7-366b-48b1-9ea0-4ed8c25d7207", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30132", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8340", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30132\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue was discovered on IROAD Dashcam V devices. It uses an unregistered public domain name as an internal domain, creating a security risk. During analysis, it was found that this domain was not owned by IROAD, allowing an attacker to register it and potentially intercept sensitive device traffic. If the dashcam or related services attempt to resolve this domain over the public Internet instead of locally, it could lead to data exfiltration or man-in-the-middle attacks.\n\ud83d\udccf Published: 2025-03-18T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-21T13:48:53.858Z\n\ud83d\udd17 References:\n1. https://github.com/geo-chen/IROAD?tab=readme-ov-file#finding-6-public-domain-used-for-internal-domain-name\n2. https://github.com/geo-chen/IROAD-V", "creation_timestamp": "2025-03-21T14:19:14.000000Z"}, {"uuid": "e2be7d08-c7ef-47f1-8bad-5315dca751c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30131", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19623", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30131\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue was discovered on IROAD Dashcam FX2 devices. An unauthenticated file upload endpoint can be leveraged to execute arbitrary commands by uploading a CGI-based webshell. Once a file is uploaded, the attacker can execute commands with root privileges, gaining full control over the dashcam. Additionally, by uploading a netcat (nc) binary, the attacker can establish a reverse shell, maintaining persistent remote and privileged access to the device. This allows complete device takeover.\n\ud83d\udccf Published: 2025-06-26T00:00:00.000Z\n\ud83d\udccf Modified: 2025-06-26T16:20:39.134Z\n\ud83d\udd17 References:\n1. https://www.iroadau.com.au/downloads/\n2. https://github.com/geo-chen/IROAD?tab=readme-ov-file#finding-11---cve-2025-30131-unrestricted-webshell", "creation_timestamp": "2025-06-26T16:51:41.000000Z"}, {"uuid": "57d0bf00-da09-451c-bb84-1d877af228b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3013", "type": "seen", "source": "https://t.me/cvedetector/21537", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3013 - NightWolf Penetration Testing Customer Portal IDOR\", \n  \"Content\": \"CVE ID : CVE-2025-3013 \nPublished : March 31, 2025, 4:15 a.m. | 27\u00a0minutes ago \nDescription : Insecure Direct Object References (IDOR) in access control in Customer Portal before 2.1.4 on NightWolf\u00a0Penetration Testing\u00a0allows an attacker to access via manipulating request parameters or object references. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-31T07:28:38.000000Z"}, {"uuid": "c96075fd-8aaa-4ee0-a49f-0b73956ded95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30139", "type": "seen", "source": "https://t.me/cvedetector/20597", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30139 - G-Net Dashcam BB GONX Default Credentials Weak Wi-Fi Authentication\", \n  \"Content\": \"CVE ID : CVE-2025-30139 \nPublished : March 18, 2025, 8:15 p.m. | 23\u00a0minutes ago \nDescription : An issue was discovered on G-Net Dashcam BB GONX devices. Default credentials for SSID cannot be changed. It broadcasts a fixed SSID with default credentials that cannot be changed. This allows any nearby attacker to connect to the dashcam's network without restriction. Once connected, an attacker can sniff on connected devices such as the user's smartphone. The SSID is also always broadcasted. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-18T21:55:28.000000Z"}, {"uuid": "042f28b4-f963-49e1-b207-20fe111cfc90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30132", "type": "seen", "source": "https://t.me/cvedetector/20577", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30132 - IROAD Dashcam V DNS Spoofing Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-30132 \nPublished : March 18, 2025, 3:16 p.m. | 1\u00a0hour, 15\u00a0minutes ago \nDescription : An issue was discovered on IROAD Dashcam V devices. It uses an unregistered public domain name as an internal domain, creating a security risk. During analysis, it was found that this domain was not owned by IROAD, allowing an attacker to register it and potentially intercept sensitive device traffic. If the dashcam or related services attempt to resolve this domain over the public Internet instead of locally, it could lead to data exfiltration or man-in-the-middle attacks. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-18T17:44:11.000000Z"}, {"uuid": "edb5af76-a62e-461a-a032-4b9e08f1f4a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30138", "type": "seen", "source": "https://t.me/cvedetector/20596", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30138 - G-Net Dashcam BB GONX Unauthenticated Remote Code Execution and Data Exposure\", \n  \"Content\": \"CVE ID : CVE-2025-30138 \nPublished : March 18, 2025, 8:15 p.m. | 23\u00a0minutes ago \nDescription : An issue was discovered on G-Net Dashcam BB GONX devices. Managing Settings and Obtaining Sensitive Data and Sabotaging Car Battery can be performed by unauthorized persons. It allows unauthorized users to modify critical system settings once connected to its network. Attackers can extract sensitive car and driver information, mute dashcam alerts to prevent detection, disable recording functionality, or even factory reset the device. Additionally, they can disable battery protection, causing the dashcam to drain the car battery when left on overnight. These actions not only compromise privacy but also pose potential physical harm by rendering the dashcam non-functional or causing vehicle battery failure. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-18T21:55:27.000000Z"}, {"uuid": "0d057f27-acea-47b2-b616-31f07faafa31", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30137", "type": "seen", "source": "https://t.me/cvedetector/20595", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-30137 - G-Net GNET Hardcoded Credentials Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-30137 \nPublished : March 18, 2025, 8:15 p.m. | 23\u00a0minutes ago \nDescription : An issue was discovered in the G-Net GNET APK 2.6.2. Hardcoded credentials exist in in APK for ports 9091 and 9092. The GNET mobile application contains hardcoded credentials that provide unauthorized access to the dashcam's API endpoints on ports 9091 and 9092. Once the GNET SSID is connected to, the attacker sends a crafted authentication command with TibetList and 000000 to list settings of the dashcam at port 9091. There's a separate set of credentials for port 9092 (stream) that is also exposed in cleartext: admin + tibet. For settings, the required credentials are adim + 000000. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-18T21:55:26.000000Z"}, {"uuid": "b3aa0b66-f6b5-4414-bd83-2793990bef59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3013", "type": "seen", "source": "Telegram/DCVbRdT_qFrZ0rXrPZ-NREmPhb85qceJxgEhmh0x1cJAtg8", "content": "", "creation_timestamp": "2025-03-31T06:00:41.000000Z"}]}