N/A

An issue was discovered on IROAD Dashcam FX2 devices. An unauthenticated file upload endpoint can be leveraged to execute arbitrary commands by uploading a CGI-based webshell. Once a file is uploaded, the attacker can execute commands with root privileges, gaining full control over the dashcam. Additionally, by uploading a netcat (nc) binary, the attacker can establish a reverse shell, maintaining persistent remote and privileged access to the device. This allows complete device takeover.

N/A

N/A

IROAD Dashcam FX2 安全漏洞

IROAD Dashcam FX2是韩国IROAD公司的一款行车记录仪。 IROAD Dashcam FX2存在安全漏洞，该漏洞源于未经验证的文件上传端点，可能导致执行任意命令。

N/A

N/A