CVE-2025-2344

MEDIUM Year: 2025
CVSS v3 Score
5.3
Medium
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-287
View all →

Vulnerability Description

A vulnerability, which was classified as critical, has been found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. Affected by this issue is some unknown functionality of the component API Endpoint. The manipulation leads to missing authentication. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2013-1596

MEDIUM
CVSS:5.3(Medium)

An Authentication Bypass Vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via specially crafted RTSP packets to TCP port 554.

CWE-2872013

CVE-2013-1600

MEDIUM
CVSS:5.3(Medium)

An Authentication Bypass vulnerability exists in upnp/asf-mp4.asf when streaming live video in D-Link TESCO DCS-2121 1.05_TESCO, TESCO DCS-2102 1.05_TESCO, DCS-2121 1.06_FR, 1.06, and 1.05_RU, DCS-210...

CWE-2872013

CVE-2016-2102

MEDIUM
CVSS:5.3(Medium)

HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network.

CWE-2872016

CVE-2016-5133

MEDIUM
CVSS:5.3(Medium)

Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect ...

CWE-2872016

CVE-2016-9646

MEDIUM
CVSS:5.3(Medium)

ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata for...

CWE-2872016

CVE-2017-15272

MEDIUM
CVSS:5.3(Medium)

The PSFTPd 10.0.4 Build 729 server stores its configuration inside PSFTPd.dat. This file is a Microsoft Access Database and can be extracted. The application sets the encrypt flag with the password "I...

CWE-2872017