Key Vulnerability Information

Finding 1: CVE-2025-30125 - Same default credentials and limited password combinations
Vulnerability Type: Insecure Permissions
Vendor of Product: Marbella
Affected Product Code Base: KR8s, KRX
Affected Component: Weak password strength
Attack Type: Remote
Impact Code execution: False
Impact Information Disclosure: True
Attack Vectors: Easy to crack weak 8-character Wi-Fi password.

Finding 2: CVE-2025-30127 - Video recordings open to being downloaded via ports 7777, 7778, 7779
Vulnerability Type: Insecure Permissions
Vendor of Product: Marbella
Affected Product Code Base: KR8s, KRX
Affected Component: Unauthenticated access downloading of sensitive media files
Attack Type: Remote
Impact Code execution: False
Impact Information Disclosure: True
Attack Vectors: A remote attacker can merely connect to the dashcam and dump all sensitive media files.

Finding 3: CVE-2025-30126 - Settings can be changed without any other forms of authentication
Vulnerability Type: Insecure Access Control
Vendor of Product: Marbella
Affected Product Code Base: KR8s, KRX
Affected Component: Unauthenticated configuration change
Attack Type: Remote
Impact Code execution: True
Impact Information Disclosure: True
Attack Vectors: A remote attacker can merely connect to the dashcam and make unauthorized changes to the dashcam's configuration without alerting the dashcam owner or pressing any physical pairing button on the dashcam.

Finding 4: CVE-2025-30124 - Passwords are stored in plaintext and can be retrieved with physical contact
Vulnerability Type: Insecure Access Control
Vendor of Product: Marbella
Affected Product Code Base: KR8s, KRX
Affected Component: Exposed passwords in plaintext
Attack Type: Physical
Impact Code execution: False
Impact Information Disclosure: True
Attack Vectors: An attacker with temporary physical access to the dashcam, either without the SD card, can retrieve the dashcam's Wi-Fi password in plaintext.