CVE-2025-30131

An issue was discovered on IROAD Dashcam FX2 devices. An unauthenticated file upload endpoint can be leveraged to execute arbitrary commands by uploading a CGI-based webshell. Once a file is uploaded, the attacker can execute commands with root privileges, gaining full control over the dashcam. Additionally, by uploading a netcat (nc) binary, the attacker can establish a reverse shell, maintaining persistent remote and privileged access to the device. This allows complete device takeover.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/geo-chen/IROAD?tab=readme-ov-file#finding-11---cve-2025-30131-unrestricted-webshell	Exploit Third Party Advisory
https://www.iroadau.com.au/downloads/	Product

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:iroadau:fx2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:iroadau:fx2:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-06-26 17:15

Updated : 2025-11-06 20:24

NVD link : CVE-2025-30131

Mitre link : CVE-2025-30131

CVE.ORG link : CVE-2025-30131

JSON object : View

Products Affected

iroadau

fx2
fx2_firmware

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2025-30131", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-06-26T17:15:30.743", "references": [{"url": "https://github.com/geo-chen/IROAD?tab=readme-ov-file#finding-11---cve-2025-30131-unrestricted-webshell", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.iroadau.com.au/downloads/", "tags": ["Product"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on IROAD Dashcam FX2 devices. An unauthenticated file upload endpoint can be leveraged to execute arbitrary commands by uploading a CGI-based webshell. Once a file is uploaded, the attacker can execute commands with root privileges, gaining full control over the dashcam. Additionally, by uploading a netcat (nc) binary, the attacker can establish a reverse shell, maintaining persistent remote and privileged access to the device. This allows complete device takeover."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en los dispositivos IROAD Dashcam FX2. Un endpoint de carga de archivos no autenticado puede utilizarse para ejecutar comandos arbitrarios cargando un webshell basado en CGI. Una vez cargado el archivo, el atacante puede ejecutar comandos con privilegios de root, obteniendo as\u00ed control total sobre la dashcam. Adem\u00e1s, al cargar un binario netcat (nc), el atacante puede establecer un shell inverso, manteniendo acceso remoto persistente y privilegiado al dispositivo. Esto permite el control total del dispositivo."}], "lastModified": "2025-11-06T20:24:24.220", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:iroadau:fx2_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1C21728-4D54-42DB-98C8-B0B7C7A38B2C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:iroadau:fx2:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8E62E438-2D69-401D-B5A8-B54565CE049E"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}