CVE-2025-1878
Published: 03 March 2025
Summary
CVE-2025-1878 is a low-severity Use of Default Password (CWE-1393) vulnerability in I-Drive I11 Firmware. Its CVSS base score is 2.3 (Low).
Operationally, exploitation aligns with the MITRE ATT&CK technique Network Sniffing (T1040); ranked at the 32.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-5545
Vulnerability details
A vulnerability has been found in i-Drive i11 and i12 up to 20250227 and classified as problematic. This vulnerability affects unknown code of the component WiFi. The manipulation leads to use of default password. Access to the local network is…
more
required for this attack to succeed. The complexity of an attack is rather high. The exploitation appears to be difficult. It was not possible to identify the current maintainer of the product. It must be assumed that the product is end-of-life.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The static, publicly known default WiFi password enables nearby attackers to authenticate using default accounts (T1078.001) and connect to the dashcam's network, facilitating network traffic sniffing (T1040).
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Changing default authenticators prior to first use prevents use of default passwords.
Requires authentication that meets guidelines, avoiding default passwords for cryptographic module access.
Threat awareness programs disseminate botnet and scanning activity tied to default passwords, driving organizations to change or enforce non-default credentials before mass exploitation occurs.