A high-severity vulnerability has been identified in multiple products, including the 70mai X200 dashcam. This flaw could allow a nearby attacker to remotely access the device without authorization, potentially leading to the theft of sensitive video recordings and location data. Organizations using the affected products are exposed to significant privacy and data confidentiality risks.

The vulnerability exists within the device's Wi-Fi access point service, which fails to properly authenticate incoming connections to a specific administrative API endpoint. An attacker within Wi-Fi range of the device can connect to its network and send a specially crafted HTTP request to this endpoint. Successful exploitation allows the attacker to bypass authentication mechanisms, granting them unauthorized access to the device's file system and enabling them to download stored video files, access real-time GPS data, and potentially execute arbitrary commands.

This vulnerability is rated as High severity with a CVSS score of 7.3, posing a significant risk to organizational and personal security. Exploitation could lead to a severe breach of confidentiality, as an attacker could access sensitive video footage and historical GPS location data from company vehicles or personal assets. This data could be used for corporate espionage, tracking of personnel, or public disclosure, resulting in substantial reputational damage, legal liability under privacy regulations (e.g., GDPR, CCPA), and potential physical security risks to employees or assets.

Immediate Action: The primary remediation is to apply the vendor-supplied security update immediately. Firmware updates can typically be applied through the device's companion mobile application or downloaded from the official vendor website. After patching, administrators should review any available device or network logs for signs of unauthorized access or anomalous activity preceding the update.

Proactive Monitoring: Monitor network traffic for unusual connection attempts to the affected devices' Wi-Fi hotspots. If possible, enable and review device-level logs for repeated failed access attempts or connections from unrecognized devices. An increase in traffic to the device's web interface from unknown sources could be an indicator of an exploitation attempt.

Compensating Controls: If immediate patching is not feasible, the primary compensating control is to disable the device's Wi-Fi hotspot feature when not in use for configuration or data transfer. This action removes the network attack vector and mitigates the immediate risk of remote exploitation. Additionally, ensure the default Wi-Fi password for the device has been changed to a strong, unique passphrase.

Public Exploit Available: false

Due to the high severity (CVSS 7.3) of this vulnerability and the significant risk it poses to data confidentiality and privacy, it is strongly recommended that organizations prioritize the immediate patching of all affected devices. While this CVE is not currently listed on the CISA KEV catalog, its characteristics make it an attractive target for attackers. Organizations should treat this as a critical update and implement compensating controls, such as disabling Wi-Fi, on any device that cannot be patched immediately.