← Back

CVE-2025-7076

nvd nist
Published: Jul 6, 2025Modified: Apr 29, 2026

JSON object

Loading...
2.1
Vector
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: CNA (Secondary)

Description

A vulnerability was found in BlackVue Dashcam 590X up to 20250624. It has been rated as critical. Affected by this issue is some unknown functionality of the file /upload.cgi of the component Configuration Handler. The manipulation leads to improper access controls. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected (1)

Blackvuenorthamerica
1 product
Blackvue Dr590x Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Blackvue Dr590x Firmware
Up to 2025-06-24
Running on/withPlatform Versions
Blackvuenorthamerica
Blackvue Dr590x
All versions

Related CWEs

CWE-266
Incorrect Privilege Assignment
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (5)

Source: cna@vuldb.com
ExploitThird Party Advisory
Source: cna@vuldb.com
Permissions RequiredVDB Entry
Source: cna@vuldb.com
Third Party AdvisoryVDB Entry
Source: cna@vuldb.com
Third Party AdvisoryVDB Entry
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
ExploitThird Party Advisory

Timeline

No history available yet.