CVE-2025-30127: n/a
An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Once access is gained either by default, common, or cracked passwords, the video recordings (containing sensitive routes, conversations, and footage) are open for downloading by creating a socket to command port 7777, and then downloading video via port 7778 and audio via port 7779.
AI Analysis
Technical Summary
CVE-2025-30127 is a vulnerability identified in Marbella KR8s Dashcam FF version 2.0.8 devices. The vulnerability arises due to insufficient access control mechanisms on the device's command and media ports. Specifically, if an attacker gains access to the device using default, commonly used, or cracked passwords, they can establish a socket connection to the command port 7777. Through this connection, the attacker can then download sensitive video recordings via port 7778 and audio recordings via port 7779. These recordings may contain highly sensitive information such as detailed routes, private conversations, and other footage captured by the dashcam. The vulnerability does not require any sophisticated exploitation techniques beyond password compromise, which could be facilitated by weak password policies or brute-force attacks. There is no indication of a patch or fix currently available, and no known exploits have been reported in the wild as of the publication date. The lack of a CVSS score suggests this is a newly disclosed vulnerability, and the technical details emphasize the risk of unauthorized data exfiltration through exposed network ports once authentication is bypassed or compromised.
Potential Impact
For European organizations, this vulnerability poses significant privacy and security risks, especially for companies relying on Marbella KR8s Dashcam FF devices for fleet management, logistics, or security monitoring. Unauthorized access to video and audio recordings can lead to exposure of confidential information, including sensitive operational routes, client interactions, or internal communications. This could result in reputational damage, regulatory penalties under GDPR due to personal data exposure, and potential physical security risks if attackers use the information for targeted attacks or surveillance. The ease of exploitation via password compromise increases the threat level, particularly for organizations with inadequate password management or monitoring. Additionally, the exposure of audio and video data could violate privacy laws in many European countries, leading to legal consequences. The absence of patches means organizations must rely on compensating controls to mitigate risks in the short term.
Mitigation Recommendations
European organizations using Marbella KR8s Dashcam FF devices should immediately implement strong password policies, including changing all default and weak passwords to complex, unique credentials. Network segmentation should be applied to isolate dashcam devices from critical infrastructure and limit access to ports 7777, 7778, and 7779 only to authorized management systems. Employing network-level access controls such as firewalls or VLANs can reduce exposure. Continuous monitoring and logging of access attempts to these ports should be established to detect unauthorized connection attempts early. If possible, disable unused services or ports on the dashcam devices. Organizations should also engage with the vendor to request patches or firmware updates addressing this vulnerability. Until a patch is available, consider using VPNs or secure tunnels for remote access to the devices to add an additional layer of authentication and encryption. Finally, conduct regular security awareness training focused on password hygiene and device security for personnel managing these devices.
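The monitoring recommendation above can be made concrete with a small log check. The following is an added example, not code from the vendor or the advisory: the dashcam subnet, the management allowlist and the flow-record format are assumptions, and the sample records are constructed. It flags any non-allowlisted source that reaches the dashcam ports and separates simple port contact from the command-then-media pattern the description mentions.

```python
import ipaddress
from collections import defaultdict

COMMAND_PORT = 7777                            # command port named in the advisory
MEDIA_PORTS = {7778: "video", 7779: "audio"}   # media ports named in the advisory

# Assumptions for this example: the site's addressing plan.
DASHCAM_NET = ipaddress.ip_network("10.20.30.0/24")
MGMT_ALLOWLIST = [ipaddress.ip_network("10.20.1.0/28")]

# Constructed sample flow records: "timestamp src dst dport"
SAMPLE_FLOWS = """\
2025-08-06T10:00:01Z 10.20.1.5 10.20.30.11 7777
2025-08-06T10:00:03Z 10.20.1.5 10.20.30.11 7778
2025-08-06T10:04:10Z 10.20.40.77 10.20.30.11 7777
2025-08-06T10:04:12Z 10.20.40.77 10.20.30.11 7778
2025-08-06T10:04:15Z 10.20.40.77 10.20.30.11 7779
2025-08-06T10:09:00Z 10.20.40.90 10.20.30.12 7777
2025-08-06T10:09:30Z 10.20.40.90 10.20.30.12 443
malformed line
"""

def is_allowed(src):
    """True when the source address belongs to an authorized management range."""
    return any(src in net for net in MGMT_ALLOWLIST)

def find_unauthorized(flows_text):
    """Return {(src, dst): finding} for non-allowlisted access to dashcam ports."""
    seen = defaultdict(set)
    for line in flows_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                            # skip records that do not parse
        try:
            src, dst = ipaddress.ip_address(parts[1]), ipaddress.ip_address(parts[2])
            dport = int(parts[3])
        except ValueError:
            continue
        if dst not in DASHCAM_NET or is_allowed(src):
            continue
        if dport == COMMAND_PORT or dport in MEDIA_PORTS:
            seen[(str(src), str(dst))].add(dport)
    findings = {}
    for pair, ports in seen.items():
        media = sorted(MEDIA_PORTS[p] for p in ports if p in MEDIA_PORTS)
        if COMMAND_PORT in ports and media:     # command port plus a media port
            findings[pair] = "command+media access: " + ",".join(media)
        else:
            findings[pair] = "port contact only"
    return findings
```

Feed it records exported from the firewall or flow collector that fronts the dashcam segment; a "command+media access" finding from outside the allowlist warrants immediate review.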
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-03-17T00:00:00.000Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 68938ab5ad5a09ad00f29f5a
Added to database: 8/6/2025, 5:02:45 PM
Last enriched: 8/6/2025, 5:17:54 PM
Last updated: 8/7/2025, 6:26:56 AM