CVE-2025-30113

9.8 CRITICAL

📋 TL;DR

The Forvia Hella HELLA Driving Recorder DR 820 dashcam's Android application contains hardcoded credentials that allow unauthorized access to device settings through ports 9091 and 9092. Attackers on the same network can exploit these cleartext credentials to modify dashcam configurations. All users of this dashcam model with the vulnerable Android app are affected.

💻 Affected Systems

Products:
  • Forvia Hella HELLA Driving Recorder DR 820
Versions: All versions with vulnerable Android application
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the Android APK file containing hardcoded credentials for dashcam communication.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker gains full control of the dashcam, disables recording, manipulates footage, or uses it as a network pivot point to attack other connected devices.

🟠 Likely Case

Unauthorized users modify dashcam settings, disable security features, or access recorded footage without permission.

🟢 If Mitigated

With network segmentation and access controls, exploitation is limited to authorized network segments only.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to the dashcam and knowledge of the hardcoded credentials.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Monitor Forvia Hella for security updates and apply when released.

🔧 Temporary Workarounds

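Network Segmentation (all platforms)

Isolate the dashcam network from critical systems.

Firewall Rules (Linux)

Block external access to dashcam ports 9091 and 9092. The INPUT chain only filters traffic addressed to the host the rules are installed on; on a Linux gateway that routes between segments, the same matches belong in the FORWARD chain.

iptables -A INPUT -p tcp --dport 9091 -j DROP
iptables -A INPUT -p tcp --dport 9092 -j DROP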

🧯 If You Can't Patch

  • Disconnect dashcam from networks with untrusted devices
  • Use separate isolated network for dashcam only

🔍 How to Verify

Check if Vulnerable:

Decompile APK and search for hardcoded credentials in code related to ports 9091/9092

Check Version:

Check Android app version in device settings

Verify Fix Applied:

Check if new APK version removes hardcoded credentials from decompiled code

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized connection attempts to ports 9091/9092
  • Unexpected configuration changes on dashcam

Network Indicators:

  • Traffic to/from dashcam ports 9091/9092 from unauthorized IPs
  • Unusual protocol patterns on dashcam ports

SIEM Query:

source_ip!=authorized_range AND dest_port IN (9091, 9092)
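
The SIEM query above, written out as an added Python example (not part of the original advisory): it parses flow records and groups connections to ports 9091/9092 by any source outside the authorized range. The record layout, the authorized subnet 192.168.50.0/24 and the sample lines are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

DASHCAM_PORTS = {9091, 9092}  # ports named in the advisory
# Assumption: the only subnet allowed to reach the dashcam
AUTHORIZED = [ipaddress.ip_network("192.168.50.0/24")]

# Constructed sample flow records: "timestamp src_ip dst_ip dst_port"
SAMPLE_FLOWS = """\
2025-03-01T10:00:01Z 192.168.50.10 192.168.50.77 9091
2025-03-01T10:00:05Z 192.168.60.23 192.168.50.77 9092
2025-03-01T10:00:09Z 192.168.60.23 192.168.50.77 443
2025-03-01T10:00:12Z 10.0.0.5 192.168.50.77 9091
this line is malformed and must be skipped
2025-03-01T10:00:20Z 192.168.60.23 192.168.50.77 9091
"""

def parse_flow(line):
    """Return (ts, src, dst, port) or None when the line is not a valid record."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, src, dst, port = parts
    try:
        return ts, ipaddress.ip_address(src), ipaddress.ip_address(dst), int(port)
    except ValueError:
        return None

def is_authorized(addr, networks=AUTHORIZED):
    return any(addr in net for net in networks)

def find_unauthorized(lines, ports=DASHCAM_PORTS, networks=AUTHORIZED):
    """Group hits on the dashcam ports by unauthorized source address."""
    hits = defaultdict(list)
    for line in lines:
        flow = parse_flow(line)
        if flow is None:
            continue
        ts, src, dst, port = flow
        # Same condition as the SIEM query: port match AND source out of range
        if port in ports and not is_authorized(src, networks):
            hits[str(src)].append((ts, str(dst), port))
    return dict(hits)

if __name__ == "__main__":
    for src, events in find_unauthorized(SAMPLE_FLOWS.splitlines()).items():
        print(f"ALERT {src}: {len(events)} connection(s) -> {events}")
```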
