CVE-2025-30125
📋 TL;DR
Marbella KR8s Dashcam FF 2.0.8 devices ship with a universal default password (12345678) that cannot be changed to a strong password (limited to 8 characters). This allows attackers to easily gain unauthorized access to dashcam systems and potentially compromise connected networks. All users of these dashcams are affected.
💻 Affected Systems
- Marbella KR8s Dashcam FF
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of dashcam systems allowing video surveillance interception, location tracking, firmware modification, and potential pivot to connected vehicle networks or mobile devices.
Likely Case
Unauthorized access to dashcam video feeds, location data theft, and potential privacy violations through continuous surveillance.
If Mitigated
Limited to physical access attacks only, with strong network segmentation preventing lateral movement.
🎯 Exploit Status
Default credentials are publicly documented; password cracking of 8-character passwords is trivial with cloud resources.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: https://makagps.com/
Restart Required: No
Instructions:
No official patch available. Contact vendor Makagps for firmware updates and check their website for security advisories.
🔧 Temporary Workarounds
Change Default Password
allChange from default 12345678 to strongest possible 8-character password
Use dashcam mobile app or web interface to change password
Network Segmentation
allIsolate dashcam on separate VLAN or network segment
Configure firewall rules to restrict dashcam network access
🧯 If You Can't Patch
- Physically disconnect dashcam from networks when not in use
- Monitor for unauthorized access attempts and review access logs regularly
🔍 How to Verify
Check if Vulnerable:
Attempt to authenticate to dashcam using default credentials 12345678 via mobile app or web interfaceCheck Version:
Check firmware version in dashcam settings or mobile appVerify Fix Applied:
Verify password has been changed from default and cannot be guessed via brute force📡 Detection & Monitoring
Log Indicators:
- Multiple failed login attempts
- Successful logins from unexpected locations
- Authentication using default credentials
Network Indicators:
- Unusual outbound connections from dashcam
- Traffic to known cracking services
- Protocol anomalies in dashcam communications
SIEM Query:
source="dashcam" AND (event_type="authentication" AND (username="admin" OR password="12345678"))🔗 References
- https://geochen.medium.com/marbella-dashcam-ab40ca41ade
- https://github.com/geo-chen/Marbella/
- https://github.com/geo-chen/Marbella/blob/main/README.md#finding-1---cve-2025-30125-same-default-credentials-and-limited-password-combinations
- https://makagps.com/
- https://www.protiviti.com/sg-en/blogs/6259-8-character-password-still-dead
- https://github.com/geo-chen/Marbella/blob/main/README.md#finding-1---cve-2025-30125-same-default-credentials-and-limited-password-combinations
