CVE-2025-30126 is a security vulnerability identified in Marbella KR8s Dashcam FF version 2.0.8 devices. The vulnerability allows a remote attacker to connect to the dashcam via port 7777 without any authentication, pairing, or physical interaction such as pressing a button on the device. Exploiting this flaw, an attacker can perform several malicious actions including disabling the dashcam's recording functionality, deleting existing recordings, and disabling the battery protection mechanism. The battery protection feature is designed to prevent the car battery from draining completely; disabling it can cause the battery to become flat, effectively immobilizing the vehicle. Notably, these changes occur silently without any audible or visible indication on the dashcam, leaving the owner unaware of the compromise. This vulnerability arises from inadequate access controls and lack of authentication on the network interface exposed by the dashcam. Since the dashcam is connected to the vehicle and controls critical features related to recording and battery management, the attack surface extends beyond privacy concerns to potential vehicle usability and safety issues. The vulnerability does not require user interaction or physical proximity beyond network access to port 7777, which may be exposed on local networks or possibly via remote access if the device is connected to the internet or a compromised network. There is no CVSS score assigned yet, and no known exploits in the wild have been reported as of the publication date. No patches or mitigations have been officially released at this time.

For European organizations, especially those involved in fleet management, transportation services, or automotive security, this vulnerability poses significant risks. The ability to remotely disable recording compromises the integrity and availability of video evidence, which is critical for incident investigation, insurance claims, and legal compliance. Deleting recordings can erase evidence of accidents or malicious activity, undermining accountability. More critically, disabling battery protection can lead to vehicle immobilization, causing operational disruptions, safety hazards, and potential financial losses due to downtime or emergency interventions. Organizations relying on Marbella KR8s Dashcams for security or monitoring could face increased liability and reputational damage if attackers exploit this vulnerability. Additionally, private users in Europe who use these dashcams could experience personal safety risks and inconvenience. The silent nature of the attack means that detection is difficult without active monitoring, increasing the window of exploitation. Given the increasing integration of IoT devices in vehicles across Europe, this vulnerability highlights the broader risk of insufficiently secured automotive peripherals.

1. Network Segmentation: Isolate dashcams on a dedicated network segment with strict firewall rules blocking unauthorized access to port 7777, especially from external or untrusted networks. 2. Disable Unused Services: If possible, disable or restrict access to the dashcam’s network services that are not required for normal operation. 3. Monitor Network Traffic: Implement network monitoring to detect unusual connections or commands targeting port 7777 on dashcams. 4. Vendor Engagement: Engage with Marbella to request security patches or firmware updates addressing this vulnerability and apply them promptly once available. 5. Physical Security: Ensure physical access to the dashcam is controlled to prevent local exploitation or tampering. 6. Incident Response Preparation: Develop procedures to quickly identify and respond to dashcam tampering, including verifying recording status and battery protection settings regularly. 7. Alternative Devices: Consider evaluating alternative dashcam solutions with stronger security controls if patches are delayed or unavailable. 8. User Awareness: Educate users and drivers about the signs of dashcam malfunction and encourage reporting anomalies immediately.