CVE-2025-6529 – The 70mai M300 dash cam has a critical vulnerab... (How to Fix)

Q: What is the severity of CVE-2025-6529?

CVE-2025-6529 has a CVSS score of 8.8 (HIGH). The 70mai M300 dash cam has a critical vulnerability where its Telnet service uses default credentials, allowing attackers on the same local network to gain unauthorized access. This can lead to remote code execution and full device compromise. Only 70mai M300 dash cams with firmware up to June 11, 2025 are affected.

📋 TL;DR

The 70mai M300 dash cam has a critical vulnerability where its Telnet service uses default credentials, allowing attackers on the same local network to gain unauthorized access. This can lead to remote code execution and full device compromise. Only 70mai M300 dash cams with firmware up to June 11, 2025 are affected.

💻 Affected Systems

Products:

70mai M300 dash cam

Versions: All versions up to 20250611

Operating Systems: Embedded Linux

Default Config Vulnerable: ⚠️ Yes

Notes: Only vulnerable when Telnet service is enabled (default configuration). Requires attacker to be on same local network.

📦 What is this software?

M300 Firmware by 70mai

View all CVEs affecting M300 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain full administrative control of the dash cam, execute arbitrary code, install malware, steal video footage, and potentially pivot to other network devices.

🟠

Likely Case

Unauthorized access to the dash cam's system, enabling data theft, device manipulation, and installation of persistent backdoors.

🟢

If Mitigated

Limited impact if network segmentation isolates the device and default credentials are changed.

🌐 Internet-Facing: LOW (requires local network access, not directly internet-exposed by default)

🏢 Internal Only: HIGH (exploitable by any attacker on the same local network)

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit uses default credentials (username/password combination disclosed in public GitHub repository). Simple telnet connection with known credentials.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Vendor has not responded to disclosure. Consider workarounds or replacement.

🔧 Temporary Workarounds

Disable Telnet Service

linux

Permanently disable the Telnet service on the dash cam to prevent credential-based attacks.

telnet 192.168.1.100
login with default credentials
systemctl disable telnet
systemctl stop telnet

Change Default Credentials

linux

Modify the default Telnet credentials to prevent unauthorized access.

telnet 192.168.1.100
login with default credentials
passwd
set new strong password

🧯 If You Can't Patch

Network segmentation: Isolate dash cam on separate VLAN with strict firewall rules
Disable Telnet via physical reset if possible and use only required services

🔍 How to Verify

Check if Vulnerable:

Attempt telnet connection to dash cam IP on port 23 using default credentials from public exploit.

Check Version:

Check device firmware version in settings menu or via telnet: cat /etc/version

Verify Fix Applied:

Verify Telnet service is disabled or credentials no longer work. Test with telnet connection attempts.

📡 Detection & Monitoring

Log Indicators:

Failed/successful Telnet authentication attempts
Unexpected process execution from Telnet sessions

Network Indicators:

Telnet connections to dash cam IP on port 23
Unusual outbound connections from dash cam

SIEM Query:

source="dashcam" AND (event="telnet_login" OR port=23)

📊 Metadata

CVE ID: CVE-2025-6529

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-1392

EPSS Score: 0.14% exploit probability (34.4th percentile)

Published: June 23, 2025

Last Updated: November 14, 2025

🔗 References

https://github.com/geo-chen/70mai/blob/main/README.md#finding-7-remotely-upload-malicious-files-and-execute-code Exploit,Third Party Advisory
https://vuldb.com/?ctiid.313646 Permissions Required,VDB Entry
https://vuldb.com/?id.313646 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.595450 Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-6529, you might also want to check these: