Cyber Resilience

CVE-2025-1878

Low

Published: 03 March 2025

Published
03 March 2025
Modified
06 March 2025
KEV Added
Patch
CVSS Score v4 2.3 CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0013 32.4th percentile
Risk Priority 5 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-1878 is a low-severity Use of Default Password (CWE-1393) vulnerability in I-Drive I11 Firmware. Its CVSS base score is 2.3 (Low).

Operationally, exploitation aligns with the MITRE ATT&CK technique Network Sniffing (T1040); ranked at the 32.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

A vulnerability has been found in i-Drive i11 and i12 up to 20250227 and classified as problematic. This vulnerability affects unknown code of the component WiFi. The manipulation leads to use of default password. Access to the local network is…

more

required for this attack to succeed. The complexity of an attack is rather high. The exploitation appears to be difficult. It was not possible to identify the current maintainer of the product. It must be assumed that the product is end-of-life.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1040 Network Sniffing Credential Access
Adversaries may passively sniff network traffic to capture information about an environment, including authentication material passed over the network.
T1078.001 Default Accounts Stealth
Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
Why these techniques?

The static, publicly known default WiFi password enables nearby attackers to authenticate using default accounts (T1078.001) and connect to the dashcam's network, facilitating network traffic sniffing (T1040).

Affected Assets

i-drive
i11 firmware
≤ 20250227
i-drive
i12 firmware
≤ 20250227

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-1393

Changing default authenticators prior to first use prevents use of default passwords.

addresses: CWE-1393

Requires authentication that meets guidelines, avoiding default passwords for cryptographic module access.

addresses: CWE-1393

Threat awareness programs disseminate botnet and scanning activity tied to default passwords, driving organizations to change or enforce non-default credentials before mass exploitation occurs.

References