← Back

CVE-2025-30117

nvd nist
Published: Mar 18, 2025Modified: May 22, 2025

JSON object

Loading...
7.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Exploitability: 3.9 / Impact: 3.4
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Managing Settings and Obtaining Sensitive Data and Sabotaging the Car Battery can be performed by unauthorized parties. After bypassing the device pairing, an attacker can obtain sensitive user and vehicle information through the settings interface. Remote attackers can modify power management settings, disable recording, delete stored footage, and turn off battery protection, leading to potential denial-of-service conditions and vehicle battery drainage.

Affected (1)

Hella
1 product
Dr 820 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Dr 820 Firmware
All versions
Running on/withPlatform Versions
Hella
Dr 820
All versions

Related CWEs

CWE-285
Improper Authorization
The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

References (2)

Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Permissions Required

Timeline

No history available yet.