Cyber Resilience

CVE-2025-30112

High

Published: 24 March 2025

Published
24 March 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H
EPSS Score 0.0002 4.0th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-30112 is a high-severity Authentication Bypass Using an Alternate Path or Channel (CWE-288) vulnerability in 70Mai (inferred from references). Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 4.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-3 (Device Identification and Authentication).

Deeper analysis

CVE-2025-30112 is an authentication bypass vulnerability (CWE-288) affecting 70mai Dash Cam 1S devices, published on 2025-03-24. It enables attackers to circumvent the official mobile app's device authorization mechanism, which requires users to physically press the power button on the device during pairing. By connecting directly to the dashcam's Wi-Fi network and accessing the HTTP API on TCP port 80 or the RTSP service on TCP port 554, attackers can gain unauthorized access without this physical confirmation step.

The vulnerability has a CVSS v3.1 base score of 7.1 (AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H), indicating network accessibility with high attack complexity, low privileges required, and no user interaction needed. An attacker who can join the dashcam's network—such as a nearby adversary within Wi-Fi range—can exploit it to bypass pairing restrictions. This grants unauthorized access to the device's API and RTSP video stream, potentially allowing manipulation of settings, live video viewing, or disruption of device functions, with high impacts on integrity and availability alongside limited confidentiality exposure.

Mitigation details are available in referenced advisories, including the security research disclosure at https://github.com/geo-chen/70mai/blob/main/README.md#finding-1---cve-2025-30112-bypass-device-pairing-of-70mai-dashcam-1s and the vendor product page at https://www.70mai.com/cam1s/. Security practitioners should consult these for any firmware updates or configuration hardening recommendations specific to the 70mai Dash Cam 1S.

EU & UK References

Vulnerability details

On 70mai Dash Cam 1S devices, by connecting directly to the dashcam's network and accessing the API on port 80 and RTSP on port 554, an attacker can bypass the device authorization mechanism from the official mobile app that requires…

more

a user to physically press on the power button during a connection.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The authentication bypass directly enables unauthorized access to the device's exposed HTTP API (port 80) and RTSP service (port 554) over its Wi-Fi network, matching the exploitation of a network-accessible application/service in T1190.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-10294Shared CWE-288
CVE-2026-3461Shared CWE-288
CVE-2025-67070Shared CWE-288
CVE-2026-42760Shared CWE-288
CVE-2026-44575Shared CWE-288
CVE-2026-1779Shared CWE-288
CVE-2025-0316Shared CWE-288
CVE-2026-45109Shared CWE-288
CVE-2025-5397Shared CWE-288
CVE-2026-31271Shared CWE-288

Affected Assets

70Mai
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces approved authorizations on the HTTP API and RTSP services, directly preventing unauthorized access that bypasses the physical pairing mechanism.

prevent

Requires the dashcam to identify and authenticate connecting clients before granting access to ports 80 and 554, mitigating the authentication bypass vulnerability.

prevent

Authorizes and controls wireless access to the dashcam's network, reducing the risk of attackers joining the Wi-Fi to exploit the exposed services.

References