CVE-2025-7075: Unrestricted Upload in BlackVue Dashcam 590X
A vulnerability was found in BlackVue Dashcam 590X up to 20250624. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /upload.cgi of the component HTTP Endpoint. The manipulation leads to unrestricted upload. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2025-7075 is a vulnerability identified in the BlackVue Dashcam 590X device, specifically affecting versions up to 20250624. The vulnerability resides in the HTTP endpoint component, particularly in the /upload.cgi file. It allows an attacker to perform an unrestricted upload of files to the device. This means that an attacker can upload arbitrary files without proper validation or authentication controls. The attack vector requires the attacker to be within the local network, as remote exploitation over the internet is not indicated. The vulnerability has been publicly disclosed, and although the vendor was notified early, no response or patch has been provided. The CVSS 4.0 base score is 5.3, categorized as medium severity, with the vector indicating low attack complexity, no privileges or user interaction required, and partial impacts on confidentiality, integrity, and availability. The unrestricted upload could allow an attacker to upload malicious files, potentially leading to unauthorized code execution, device compromise, or persistent backdoors within the dashcam. Since dashcams often have access to vehicle data and potentially network connectivity, exploitation could lead to privacy breaches or be a foothold for lateral movement within a local network.
Potential Impact
For European organizations, the impact of this vulnerability depends on the deployment context of the BlackVue Dashcam 590X. Organizations using these dashcams in fleet vehicles, corporate cars, or logistics could face risks including unauthorized access to recorded video footage, manipulation or deletion of evidence, and potential compromise of the device as a pivot point within the local network. The unrestricted upload could be leveraged to implant malware or backdoors, threatening confidentiality and integrity of data. Although exploitation requires local network access, in environments where dashcams connect to corporate Wi-Fi or internal vehicle networks, attackers could exploit this vulnerability to escalate attacks. Privacy regulations such as GDPR increase the stakes, as unauthorized access or leakage of video data could result in regulatory penalties. The lack of vendor response and patch availability increases the risk exposure duration. However, the medium CVSS score and local network requirement somewhat limit the scope compared to internet-exposed vulnerabilities.
Mitigation Recommendations
1. Network Segmentation: Isolate dashcam devices on a separate VLAN or network segment with strict access controls to limit local network exposure. 2. Access Control: Restrict access to the dashcam’s management interfaces and HTTP endpoints to authorized personnel and devices only. 3. Monitoring: Implement network monitoring to detect unusual upload activity or unauthorized access attempts targeting /upload.cgi. 4. Device Hardening: Disable or restrict unnecessary services on the dashcam if possible, and change default credentials to strong, unique passwords. 5. Physical Security: Ensure physical access to the dashcam and vehicle network is controlled to prevent attackers from connecting to the local network. 6. Vendor Engagement: Continuously monitor for vendor updates or patches and apply them promptly once available. 7. Incident Response: Prepare to isolate affected devices and conduct forensic analysis if exploitation is suspected. 8. Alternative Solutions: Consider using dashcam models with better security track records or that have received patches for this vulnerability.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden
CVE-2025-7075: Unrestricted Upload in BlackVue Dashcam 590X
Description
A vulnerability was found in BlackVue Dashcam 590X up to 20250624. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /upload.cgi of the component HTTP Endpoint. The manipulation leads to unrestricted upload. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI-Powered Analysis
Technical Analysis
CVE-2025-7075 is a vulnerability identified in the BlackVue Dashcam 590X device, specifically affecting versions up to 20250624. The vulnerability resides in the HTTP endpoint component, particularly in the /upload.cgi file. It allows an attacker to perform an unrestricted upload of files to the device. This means that an attacker can upload arbitrary files without proper validation or authentication controls. The attack vector requires the attacker to be within the local network, as remote exploitation over the internet is not indicated. The vulnerability has been publicly disclosed, and although the vendor was notified early, no response or patch has been provided. The CVSS 4.0 base score is 5.3, categorized as medium severity, with the vector indicating low attack complexity, no privileges or user interaction required, and partial impacts on confidentiality, integrity, and availability. The unrestricted upload could allow an attacker to upload malicious files, potentially leading to unauthorized code execution, device compromise, or persistent backdoors within the dashcam. Since dashcams often have access to vehicle data and potentially network connectivity, exploitation could lead to privacy breaches or be a foothold for lateral movement within a local network.
Potential Impact
For European organizations, the impact of this vulnerability depends on the deployment context of the BlackVue Dashcam 590X. Organizations using these dashcams in fleet vehicles, corporate cars, or logistics could face risks including unauthorized access to recorded video footage, manipulation or deletion of evidence, and potential compromise of the device as a pivot point within the local network. The unrestricted upload could be leveraged to implant malware or backdoors, threatening confidentiality and integrity of data. Although exploitation requires local network access, in environments where dashcams connect to corporate Wi-Fi or internal vehicle networks, attackers could exploit this vulnerability to escalate attacks. Privacy regulations such as GDPR increase the stakes, as unauthorized access or leakage of video data could result in regulatory penalties. The lack of vendor response and patch availability increases the risk exposure duration. However, the medium CVSS score and local network requirement somewhat limit the scope compared to internet-exposed vulnerabilities.
Mitigation Recommendations
1. Network Segmentation: Isolate dashcam devices on a separate VLAN or network segment with strict access controls to limit local network exposure. 2. Access Control: Restrict access to the dashcam’s management interfaces and HTTP endpoints to authorized personnel and devices only. 3. Monitoring: Implement network monitoring to detect unusual upload activity or unauthorized access attempts targeting /upload.cgi. 4. Device Hardening: Disable or restrict unnecessary services on the dashcam if possible, and change default credentials to strong, unique passwords. 5. Physical Security: Ensure physical access to the dashcam and vehicle network is controlled to prevent attackers from connecting to the local network. 6. Vendor Engagement: Continuously monitor for vendor updates or patches and apply them promptly once available. 7. Incident Response: Prepare to isolate affected devices and conduct forensic analysis if exploitation is suspected. 8. Alternative Solutions: Consider using dashcam models with better security track records or that have received patches for this vulnerability.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- VulDB
- Date Reserved
- 2025-07-05T08:10:13.139Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 6869b7ab6f40f0eb72b3cd4c
Added to database: 7/5/2025, 11:39:23 PM
Last enriched: 7/5/2025, 11:54:34 PM
Last updated: 7/6/2025, 12:45:36 AM
Views: 3
Related Threats
CVE-2025-7077: Buffer Overflow in Shenzhen Libituo Technology LBT-T300-T310
HighCVE-2025-27446: CWE-732 Incorrect Permission Assignment for Critical Resource in Apache Software Foundation Apache APISIX Java Plugin Runner
HighCVE-2025-7076: Improper Access Controls in BlackVue Dashcam 590X
MediumCVE-2025-6022
LowCVE-2025-5316
LowActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.