CVE-2025-30116
Last modified
CVE-2025-30116 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Remotely Dumping of Video Footage and the Live Video Stream can occur. EPSS estimates a 0.51% chance of exploitation in the next 30 days.
Description
An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Remotely Dumping of Video Footage and the Live Video Stream can occur. It allows remote attackers to access and download recorded video footage from the SD card via port 9091. Additionally, attackers can connect to port 9092 to stream the live video feed by bypassing the challenge-response authentication mechanism. This exposes sensitive location and personal data.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Hella | Dr 820 Firmware | All versions |
References
- https://github.com/geo-chen/HellaThird Party Advisory
- https://medium.com/@geochen/cve-draft-hella-driving-recorder-dr-820-ff8c4e2cca26Permissions Required
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-30116?
How severe is CVE-2025-30116?
How do I fix CVE-2025-30116?
Are you affected by CVE-2025-30116?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST