QwikSec

Security Database

CVE

CWE

Training

CVE-2025-30125

Published: Jul 28, 2025

Modified: Jul 30, 2025

PUBLISHED

Description

An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. All dashcams were shipped with the same default credentials of 12345678, which creates an insecure-by-default condition. For users who change their passwords, it's limited to 8 characters. These short passwords can be cracked in 8 hours via low-end commercial cloud resources.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/geo-chen/Marbella/

https://makagps.com/

https://geochen.medium.com/marbella-dashcam-ab40ca41ade

https://www.protiviti.com/sg-en/blogs/6259-8-character-password-still-dead

https://github.com/geo-chen/Marbella/blob/main/README.md#finding-1---cve-2025-30125-same-default-credentials-and-limited-password-combinations

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.