Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

Published: 24/03/2025 Updated: 24/03/2025

70mai Dash Cam 1S Unauthenticated API Access via Network Bypass

A vulnerability exists in 70mai Dash Cam 1S devices that allows unauthorized network access. An attacker can bypass the device's authorization mechanism by connecting directly to the dashcam's network. By accessing the API on port 80 and RTSP on port 554, the attacker can circumvent the security requirement of physically pressing the power button during connection, which is normally enforced by the official mobile app.

70mai Dashcam 1S Product: www70maicom/cam1s Version: Dash Cam 1S Finding 1 - CVE-2025-30112: Bypass Device Pairing of 70mai Dashcam 1S From the official 70mai mobile app, a user needs to perform authorization by clicking on the physical power button in order to connect to the dashcam’s network However, by connecting to the dashcam’s network and directly a

CWE-288 https://nvd.nist.gov https://github.com/geo-chen/70mai https://www.first.org/epss https://github.com/geo-chen/70mai/blob/main/README.md#finding-1---cve-2025-30112-bypass-device-pairing-of-70mai-dashcam-1s https://www.70mai.com/cam1s/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2025-30112

Vulnerability Summary

Github Repositories

References

Vulmon Search

About

Products

Connect