cvedb.io
CVE-2025-30133
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2025-07-28T14:15:26.830 · Last modified 2026-06-17T09:08:13.380

Summary

An issue was discovered on IROAD Dashcam FX2 devices. Bypass of Device Pairing/Registration can occur. It requires device registration via the "IROAD X View" app for authentication, but its HTTP server lacks this restriction. Once connected to the dashcam's Wi-Fi network via the default password ("qwertyuiop"), an attacker can directly access the HTTP server at http://192.168.10.1 without undergoing the pairing process. Additionally, no alert is triggered on the device when an attacker connects, making this intrusion completely silent.

Affected products

iroadau — fx2_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when iroadau ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.