{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-2120", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-03-08T14:23:35.744Z", "datePublished": "2025-03-09T10:31:03.993Z", "dateUpdated": "2025-03-10T15:45:15.593Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-03-09T10:31:03.993Z"}, "title": "Thinkware Car Dashcam F800 Pro Configuration File hostapd.conf cleartext storage in a file or on disk", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-313", "lang": "en", "description": "Cleartext Storage in a File or on Disk"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-312", "lang": "en", "description": "Cleartext Storage of Sensitive Information"}]}], "affected": [{"vendor": "Thinkware", "product": "Car Dashcam F800 Pro", "versions": [{"version": "20250226", "status": "affected"}], "modules": ["Configuration File Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Thinkware Car Dashcam F800 Pro up to 20250226. It has been rated as problematic. This issue affects some unknown processing of the file /tmp/hostapd.conf of the component Configuration File Handler. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Eine Schwachstelle wurde in Thinkware Car Dashcam F800 Pro bis 20250226 ausgemacht. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei /tmp/hostapd.conf der Komponente Configuration File Handler. Durch das Beeinflussen mit unbekannten Daten kann eine cleartext storage in a file or on disk-Schwachstelle ausgenutzt werden. Ein Angriff setzt physischen Zugriff auf dem Zielobjekt voraus. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 2.4, "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "baseSeverity": "LOW"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 2.1, "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 2.1, "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N"}}], "timeline": [{"time": "2025-03-08T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-03-08T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-03-08T15:28:57.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "geochen (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.299033", "name": "VDB-299033 | Thinkware Car Dashcam F800 Pro Configuration File hostapd.conf cleartext storage in a file or on disk", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.299033", "name": "VDB-299033 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.507327", "name": "Submit #507327 | Thinkware Car Dashcam F800 Pro Plaintext Password in Configuration File", "tags": ["third-party-advisory"]}, {"url": "https://github.com/geo-chen/Thinkware-Dashcam", "tags": ["exploit"]}]}, "adp": [{"references": [{"url": "https://github.com/geo-chen/Thinkware-Dashcam", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-10T15:45:03.433893Z", "id": "CVE-2025-2120", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-10T15:45:15.593Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-2120", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-10T15:45:03.433893Z"}}}], "references": [{"url": "https://github.com/geo-chen/Thinkware-Dashcam", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-10T15:45:12.094Z"}}], "cna": {"title": "Thinkware Car Dashcam F800 Pro Configuration File hostapd.conf cleartext storage in a file or on disk", "credits": [{"lang": "en", "type": "reporter", "value": "geochen (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 2.4, "baseSeverity": "LOW", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 2.1, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 2.1, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N"}}], "affected": [{"vendor": "Thinkware", "modules": ["Configuration File Handler"], "product": "Car Dashcam F800 Pro", "versions": [{"status": "affected", "version": "20250226"}]}], "timeline": [{"lang": "en", "time": "2025-03-08T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-03-08T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-03-08T15:28:57.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.299033", "name": "VDB-299033 | Thinkware Car Dashcam F800 Pro Configuration File hostapd.conf cleartext storage in a file or on disk", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.299033", "name": "VDB-299033 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.507327", "name": "Submit #507327 | Thinkware Car Dashcam F800 Pro Plaintext Password in Configuration File", "tags": ["third-party-advisory"]}, {"url": "https://github.com/geo-chen/Thinkware-Dashcam", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Thinkware Car Dashcam F800 Pro up to 20250226. It has been rated as problematic. This issue affects some unknown processing of the file /tmp/hostapd.conf of the component Configuration File Handler. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Eine Schwachstelle wurde in Thinkware Car Dashcam F800 Pro bis 20250226 ausgemacht. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei /tmp/hostapd.conf der Komponente Configuration File Handler. Durch das Beeinflussen mit unbekannten Daten kann eine cleartext storage in a file or on disk-Schwachstelle ausgenutzt werden. Ein Angriff setzt physischen Zugriff auf dem Zielobjekt voraus. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-313", "description": "Cleartext Storage in a File or on Disk"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-312", "description": "Cleartext Storage of Sensitive Information"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-03-09T10:31:03.993Z"}}}, "cveMetadata": {"cveId": "CVE-2025-2120", "state": "PUBLISHED", "dateUpdated": "2025-03-10T15:45:15.593Z", "dateReserved": "2025-03-08T14:23:35.744Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-03-09T10:31:03.993Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Thinkware Car Dashcam F800 Pro up to 20250226. It has been rated as problematic. This issue affects some unknown processing of the file /tmp/hostapd.conf of the component Configuration File Handler. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "id": "CVE-2025-2120", "lastModified": "2025-03-10T16:15:14.347", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 1.7, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 2.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "PHYSICAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.4, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-03-09T11:15:35.023", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/geo-chen/Thinkware-Dashcam"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.299033"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.299033"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.507327"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/geo-chen/Thinkware-Dashcam"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}, {"lang": "en", "value": "CWE-313"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}