CVE-2025-12915
📋 TL;DR
This vulnerability in 70mai X200 dashcams allows local attackers to hijack init scripts through file inclusion, potentially enabling persistent unauthorized access. It affects 70mai X200 dashcams up to version 20251019. Attackers need physical or local access to the device to exploit this vulnerability.
💻 Affected Systems
- 70mai X200 Omni Dashcam
⚠️ Risk & Real-World Impact
Worst Case
An attacker with physical access could achieve persistent root-level compromise of the dashcam, enabling data theft, manipulation of recordings, or using the device as a foothold in connected networks.
Likely Case
Local attackers could install backdoors or malware that persists across reboots, compromising dashcam functionality and potentially accessing stored video data.
If Mitigated
With proper physical security controls preventing unauthorized access to devices, the vulnerability remains dormant with minimal risk.
🎯 Exploit Status
Exploit details are publicly available on GitHub. The attack requires local access and high-complexity manipulation. The vendor has not responded to the disclosure.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None available
Restart Required: No
Instructions:
No official patch available. Monitor 70mai official channels for firmware updates addressing CVE-2025-12915.
🔧 Temporary Workarounds
Physical Security Controls
Prevent unauthorized physical access to dashcam devices
Firmware Integrity Monitoring
Monitor dashcam firmware for unauthorized modifications
🧯 If You Can't Patch
- Implement strict physical security controls for dashcam installations
- Isolate dashcam networks from critical systems and monitor for unusual activity
🔍 How to Verify
Check if Vulnerable:
Check the dashcam firmware version. If the version is 20251019 or earlier, the device is vulnerable.
Check Version:
Check device settings or manufacturer documentation for firmware version information
Verify Fix Applied:
Update to a firmware version newer than 20251019 when one is available from the vendor.
📡 Detection & Monitoring
Log Indicators:
- Unexpected init script modifications
- Unauthorized file system changes in /etc/init.d or similar directories
Network Indicators:
- Unusual network traffic from dashcam devices
- Connections to unexpected external IPs
SIEM Query:
Device logs showing file modifications in system init directories OR network traffic anomalies from dashcam IPs
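An added example (not from the advisory, the researcher or the vendor) of the firmware integrity monitoring and init-script indicators listed above: it hashes the files under `etc/init.d` in a root filesystem that has been extracted or mounted locally and reports every difference from a known-good copy. The directory layout, the function names and the sample script names are assumptions, and the sample trees are constructed.

```python
import hashlib, os, stat, tempfile
from pathlib import Path

def snapshot(root, rel_dirs=("etc/init.d",)):  # assumption: init paths in your image
    """Map each init file to (sha256, mode), or ("symlink", target) for links."""
    snap = {}
    for rel in rel_dirs:
        for dirpath, dirnames, filenames in os.walk(os.path.join(root, rel)):
            for name in dirnames + filenames:
                full = os.path.join(dirpath, name)
                st = os.lstat(full)  # lstat: record symlinks, never follow them
                key = os.path.relpath(full, root)
                if stat.S_ISLNK(st.st_mode):
                    snap[key] = ("symlink", os.readlink(full))
                elif stat.S_ISREG(st.st_mode):
                    digest = hashlib.sha256(Path(full).read_bytes()).hexdigest()
                    snap[key] = (digest, stat.S_IMODE(st.st_mode))
    return snap

def compare(baseline, current):  # returns sorted (finding, path) pairs
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            findings.append(("added", path))
        elif new is None:
            findings.append(("removed", path))
        elif old != new:
            same_bytes = old[0] == new[0] and old[0] != "symlink"
            findings.append(("mode-changed" if same_bytes else "modified", path))
    return findings

def demo():
    """Constructed sample: a known-good tree and a copy with three changes."""
    scripts = {"S10network": "#!/bin/sh\nifup -a\n", "S50recorder": "#!/bin/sh\nrecorder &\n"}
    with tempfile.TemporaryDirectory() as tmp:
        good, device = Path(tmp, "good/etc/init.d"), Path(tmp, "device/etc/init.d")
        for init in (good, device):
            init.mkdir(parents=True)
            for name, body in scripts.items():
                (init / name).write_text(body)
                (init / name).chmod(0o755)
        (device / "S50recorder").write_text("#!/bin/sh\necho changed\n")  # edited
        (device / "S99extra").write_text("#!/bin/sh\n")                   # new file
        (device / "S10network").chmod(0o777)                              # looser mode
        return compare(snapshot(Path(tmp, "good")), snapshot(Path(tmp, "device")))

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Any `added`, `modified` or `mode-changed` entry under an init directory is the kind of change the log indicators above describe and warrants a closer look at the device.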
🔗 References
- https://github.com/geo-chen/70mai/blob/main/README.md#finding-11-init-script-binary-hijack-persistence-vulnerability-in-70mai-x200-omni-dashcam
- https://vuldb.com/?ctiid.331633
- https://vuldb.com/?id.331633
- https://vuldb.com/?submit.678285