CVE-2025-30112
Published: 24 March 2025
Summary
CVE-2025-30112 is a high-severity Authentication Bypass Using an Alternate Path or Channel (CWE-288) vulnerability in 70Mai (inferred from references). Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 3.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-3 (Device Identification and Authentication).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Enforces approved authorizations on the HTTP API and RTSP services, directly preventing unauthorized access that bypasses the physical pairing mechanism.
Requires the dashcam to identify and authenticate connecting clients before granting access to ports 80 and 554, mitigating the authentication bypass vulnerability.
Authorizes and controls wireless access to the dashcam's network, reducing the risk of attackers joining the Wi-Fi to exploit the exposed services.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The authentication bypass directly enables unauthorized access to the device's exposed HTTP API (port 80) and RTSP service (port 554) over its Wi-Fi network, matching the exploitation of a network-accessible application/service in T1190.
NVD Description
On 70mai Dash Cam 1S devices, by connecting directly to the dashcam's network and accessing the API on port 80 and RTSP on port 554, an attacker can bypass the device authorization mechanism from the official mobile app that requires…
more
a user to physically press on the power button during a connection.
Deeper analysisAI
CVE-2025-30112 is an authentication bypass vulnerability (CWE-288) affecting 70mai Dash Cam 1S devices, published on 2025-03-24. It enables attackers to circumvent the official mobile app's device authorization mechanism, which requires users to physically press the power button on the device during pairing. By connecting directly to the dashcam's Wi-Fi network and accessing the HTTP API on TCP port 80 or the RTSP service on TCP port 554, attackers can gain unauthorized access without this physical confirmation step.
The vulnerability has a CVSS v3.1 base score of 7.1 (AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H), indicating network accessibility with high attack complexity, low privileges required, and no user interaction needed. An attacker who can join the dashcam's network—such as a nearby adversary within Wi-Fi range—can exploit it to bypass pairing restrictions. This grants unauthorized access to the device's API and RTSP video stream, potentially allowing manipulation of settings, live video viewing, or disruption of device functions, with high impacts on integrity and availability alongside limited confidentiality exposure.
Mitigation details are available in referenced advisories, including the security research disclosure at https://github.com/geo-chen/70mai/blob/main/README.md#finding-1---cve-2025-30112-bypass-device-pairing-of-70mai-dashcam-1s and the vendor product page at https://www.70mai.com/cam1s/. Security practitioners should consult these for any firmware updates or configuration hardening recommendations specific to the 70mai Dash Cam 1S.
Details
- CWE(s)