Login Sign Up

CVE-2023-27748

9.8 CRITICAL
Remote Code Execution

📋 TL;DR

This vulnerability allows attackers to upload malicious firmware to BlackVue DR750-2CH LTE dashcams due to missing authenticity verification. Attackers can execute arbitrary code and install backdoors on affected devices. All users of the vulnerable firmware version are affected.

💻 Affected Systems

Products:
  • BlackVue DR750-2CH LTE
Versions: v.1.012_2022.10.26
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running this specific firmware version are vulnerable by default.

📦 What is this software?

Dr750 2ch Ir Lte Firmware by Blackvue

View all CVEs affecting Dr750 2ch Ir Lte Firmware →

Dr750 2ch Lte Firmware by Blackvue

View all CVEs affecting Dr750 2ch Lte Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of dashcam system allowing persistent backdoor access, data exfiltration, and potential lateral movement to connected networks.

🟠

Likely Case

Unauthorized firmware installation leading to device malfunction, data theft, or surveillance compromise.

🟢

If Mitigated

No impact if firmware authenticity checks are properly implemented and validated.

🌐 Internet-Facing: HIGH - Dashcams with LTE connectivity are directly accessible over the internet.
🏢 Internal Only: MEDIUM - Devices on internal networks could be targeted through network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

GitHub repositories contain proof-of-concept code demonstrating the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://blackvue.com

Restart Required: No

Instructions:

Check BlackVue website for firmware updates. If available, download and install through the BlackVue app or web interface.

🔧 Temporary Workarounds

Disable remote firmware updates

all

Prevent unauthorized firmware uploads by disabling remote update capabilities

Network segmentation

all

Isolate dashcams on separate network segments to limit attack surface

🧯 If You Can't Patch

  • Disconnect devices from internet and use local-only operation
  • Implement strict firewall rules to block all incoming connections to dashcams

🔍 How to Verify

Check if Vulnerable:

Check firmware version in BlackVue app or web interface. If version is 1.012_2022.10.26, device is vulnerable.

Check Version:

Check via BlackVue mobile app or web interface firmware settings

Verify Fix Applied:

Verify firmware version has been updated to a version later than 1.012_2022.10.26

📡 Detection & Monitoring

Log Indicators:

  • Unexpected firmware update events
  • Unusual network traffic from dashcam

Network Indicators:

  • Unusual outbound connections from dashcam
  • Firmware upload traffic to unexpected sources

SIEM Query:

source="blackvue" AND (event="firmware_update" OR event="unauthorized_access")

📊 Metadata

CVE ID: CVE-2023-27748
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-345
Published: April 13, 2023
Last Updated: February 7, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-27748, you might also want to check these:

CVE-2022-30315 9.8

Honeywell Experion PKS Safety Manager controllers lack cryptographic authentication for control logi...

Same vulnerability type (CWE-345)
CVE-2025-66255 9.8

This vulnerability allows unauthenticated attackers to upload malicious firmware files to Mozart FM ...

Same vulnerability type (CWE-345)
CVE-2022-26871 9.8

CVE-2022-26871 is a critical arbitrary file upload vulnerability in Trend Micro Apex Central that al...

Same vulnerability type (CWE-345)