CVE-2025-30116

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/geo-chen/Hella", "name": "https://github.com/geo-chen/Hella", "tags": ["Third Party Advisory"], "refsource": ""}, {"url": "https://medium.com/@geochen/cve-draft-hella-driving-recorder-dr-820-ff8c4e2cca26", "name": "https://medium.com/@geochen/cve-draft-hella-driving-recorder-dr-820-ff8c4e2cca26", "tags": ["Permissions Required"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Remotely Dumping of Video Footage and the Live Video Stream can occur. It allows remote attackers to access and download recorded video footage from the SD card via port 9091. Additionally, attackers can connect to port 9092 to stream the live video feed by bypassing the challenge-response authentication mechanism. This exposes sensitive location and personal data."}]}, "problemtype": {"problemtype_data": [{"description": []}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2025-30116", "ASSIGNER": "cve@mitre.org"}}, "impact": {}, "publishedDate": "2025-03-18T15:16Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:hella:dr_820_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:hella:dr_820:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-05-22T19:43Z"}