CVE-2025-30126

Published: Jul 28, 2025

Modified: Jul 30, 2025

PUBLISHED

Description

An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Via port 7777 without any need to pair or press a physical button, a remote attacker can disable recording, delete recordings, or even disable battery protection to cause a flat battery to essentially disable the car from being used. During the process of changing these settings, there are no indications or sounds on the dashcam to alert the dashcam owner that someone else is making those changes.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/geo-chen/Marbella/

https://makagps.com/

https://geochen.medium.com/marbella-dashcam-ab40ca41adec

https://github.com/geo-chen/IROAD-V?tab=readme-ov-file#finding-7---cve-2025-30108-exposed-ftp-administrator-credentials

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-30126

Description

Affected Products

References