CVE-2025-1881

A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Video Footage/Live Video Stream. The manipulation leads to improper access controls. The attack can be launched remotely. It was not possible to identify the current maintainer of the product. It must be assumed that the product is end-of-life.

CVSS v3.0 4.3 MEDIUM

4.3^/10

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/geo-chen/i-Drive	Third Party Advisory
https://vuldb.com/?ctiid.298195	Permissions Required
https://vuldb.com/?id.298195	Permissions Required
https://vuldb.com/?submit.510952	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:i-drive:i11_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:i-drive:i11:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:i-drive:i12_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:i-drive:i12:*:*:*:*:*:*:*:*

History

05 Mar 2025, 14:05

Type	Values Removed	Values Added
First Time		I-drive i12 Firmware I-drive I-drive i12 I-drive i11 I-drive i11 Firmware
CPE		cpe:2.3:o:i-drive:i12_firmware:::::::: cpe:2.3:o:i-drive:i11_firmware:::::::: cpe:2.3:h:i-drive:i12:::::::: cpe:2.3:h:i-drive:i11::::::::
References	~~() https://github.com/geo-chen/i-Drive -~~	() https://github.com/geo-chen/i-Drive - Third Party Advisory
References	~~() https://vuldb.com/?submit.510952 -~~	() https://vuldb.com/?submit.510952 - Third Party Advisory
References	~~() https://vuldb.com/?ctiid.298195 -~~	() https://vuldb.com/?ctiid.298195 - Permissions Required
References	~~() https://vuldb.com/?id.298195 -~~	() https://vuldb.com/?id.298195 - Permissions Required

03 Mar 2025, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-03 21:15

Updated : 2025-03-05 14:05

NVD link : CVE-2025-1881

Mitre link : CVE-2025-1881

JSON object : View

Products Affected

i-drive

i11_firmware
i12_firmware
i11
i12

CWE

CWE-266

Incorrect Privilege Assignment

CWE-284

Improper Access Control

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/geo-chen/i-Drive", "name": "https://github.com/geo-chen/i-Drive", "tags": ["Third Party Advisory"], "refsource": ""}, {"url": "https://vuldb.com/?ctiid.298195", "name": "VDB-298195 | CTI Indicators (IOB, IOC, TTP)", "tags": ["Permissions Required"], "refsource": ""}, {"url": "https://vuldb.com/?id.298195", "name": "VDB-298195 | i-Drive i11/i12 Video Footage/Live Video Stream access control", "tags": ["Permissions Required"], "refsource": ""}, {"url": "https://vuldb.com/?submit.510952", "name": "Submit #510952 | i-DRIVE Dashcam i11, i12 Improper Access Controls", "tags": ["Third Party Advisory"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Video Footage/Live Video Stream. The manipulation leads to improper access controls. The attack can be launched remotely. It was not possible to identify the current maintainer of the product. It must be assumed that the product is end-of-life."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-284"}, {"lang": "en", "value": "CWE-266"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2025-1881", "ASSIGNER": "cna@vuldb.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}}, "publishedDate": "2025-03-03T21:15Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:i-drive:i11_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "20250227"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:i-drive:i11:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:i-drive:i12_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "20250227"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:i-drive:i12:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-03-05T14:05Z"}