CVE-2025-30126 is a medium-severity vulnerability affecting Marbella KR8s Dashcam FF 2.0.8 devices. The vulnerability allows a remote attacker to connect to the dashcam via port 7777 without any authentication, pairing, or physical interaction such as pressing a button. Exploiting this flaw, an attacker can remotely disable the dashcam's recording functionality, delete existing recordings, or disable the battery protection feature. Disabling battery protection can cause the dashcam to drain the vehicle's battery completely, potentially rendering the car unusable due to a flat battery. Notably, the dashcam provides no visual or audible indication during these unauthorized changes, leaving the owner unaware of the compromise. The vulnerability stems from improper access control (CWE-306), where critical functions are exposed without authentication or authorization checks. The CVSS v3.1 base score is 5.3 (medium), with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), no confidentiality impact (C:N), limited integrity impact (I:L), and no availability impact (A:N). No known exploits are reported in the wild, and no patches have been published yet. This vulnerability highlights significant security design flaws in the dashcam's remote management interface, exposing vehicle owners to privacy risks and potential vehicle immobilization through battery drainage.

For European organizations, especially those involved in fleet management, transportation services, or automotive security, this vulnerability poses multiple risks. Unauthorized disabling or deletion of dashcam recordings can hinder incident investigations, insurance claims, and legal evidence collection, impacting operational integrity and liability management. The ability to disable battery protection and cause a flat battery could lead to vehicle downtime, disrupting logistics, deliveries, or employee transportation. This could result in financial losses, reputational damage, and safety concerns. Privacy implications arise as attackers could manipulate recordings without detection, potentially covering malicious activities or tampering with evidence. Although the vulnerability does not directly compromise confidentiality, the integrity of recorded data is at risk. The lack of alerts or notifications increases the stealthiness of attacks, complicating incident detection and response. Organizations relying on these dashcams should consider the operational impact of potential exploitation, especially in critical transport sectors or where dashcams are mandated for compliance or safety monitoring.

Given the absence of patches, European organizations should implement compensating controls immediately. First, restrict network access to port 7777 on dashcam devices by segmenting the network and applying firewall rules to allow only trusted management systems to communicate with the dashcams. Disable or block remote management features if not strictly necessary. Monitor network traffic for unusual connections to port 7777 and set up alerts for any unauthorized access attempts. Physically secure dashcam devices to prevent tampering and regularly audit device configurations. Engage with the vendor to demand timely security patches and updates. Consider deploying endpoint detection and response (EDR) solutions on connected vehicle systems to detect anomalous behavior indicative of exploitation attempts. For fleet operators, implement operational procedures to verify dashcam functionality regularly and maintain backup recording solutions. Finally, educate staff about the risks and signs of dashcam tampering to improve detection and response capabilities.