CVE-2025-30106
📋 TL;DR
IROAD v9 dashcams ship with a hardcoded default Wi-Fi password ('qwertyuiop') that cannot be changed, allowing attackers within Wi-Fi range to connect to the device's network and sniff its traffic. This affects all users of IROAD v9 dashcams who have not applied security patches.
💻 Affected Systems
- IROAD v9 dashcams
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An attacker gains full access to the dashcam's network, intercepts video feeds, location data, and potentially compromises connected devices, leading to privacy violations and surveillance.
Likely Case
Attackers within physical proximity connect to the dashcam's Wi-Fi, sniff network traffic, and access stored video footage without authorization.
If Mitigated
With proper network segmentation and access controls, the impact is limited to isolated dashcam data, preventing lateral movement to other systems.
🎯 Exploit Status
Exploitation requires physical proximity to the dashcam's Wi-Fi signal and knowledge of the hardcoded credentials.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor for latest firmware update
Vendor Advisory: https://iroad-dashcam.nl/iroad/iroad-x5/
Restart Required: No
Instructions:
1. Visit the IROAD support website.
2. Download the latest firmware for your dashcam model.
3. Follow the vendor's instructions to update the firmware via SD card or app.
🔧 Temporary Workarounds
Disable Wi-Fi when not in use
Turn off the dashcam's Wi-Fi functionality to prevent unauthorized connections.
Use the dashcam's settings menu to disable Wi-Fi
Isolate dashcam network
Place the dashcam on a separate, isolated network segment to limit exposure.
Configure network VLANs or separate SSID for dashcam
🧯 If You Can't Patch
- Physically secure the dashcam to prevent unauthorized access
- Monitor for suspicious Wi-Fi connections and network activity
🔍 How to Verify
Check if Vulnerable:
Attempt to connect to the dashcam's Wi-Fi network using the password 'qwertyuiop'.
Check Version:
Check firmware version in dashcam settings menu or companion app
Verify Fix Applied:
After updating firmware, verify that the default password no longer works and that password change functionality is available.
📡 Detection & Monitoring
Log Indicators:
- Unauthorized Wi-Fi connection attempts
- Multiple failed login attempts
Network Indicators:
- Unexpected devices connected to dashcam Wi-Fi
- Unusual network traffic from dashcam
SIEM Query:
source="dashcam_logs" AND event="wi-fi_connection" AND user="default"