Thinkware Dashcam Vulnerability Leaks Credentials to Attackers

A series of significant security vulnerabilities have been discovered in the Thinkware Dashcam, specifically the F800 Pro model, which could pose serious risks to users’ privacy and security.

These issues include unauthorized access to sensitive data, denial of service, and the ability to write malicious files. Below is a detailed overview of these vulnerabilities and their implications.

Overview of the Vulnerabilities

1. CVE-2025-2119: Bypass of Device Pairing
   • Description: The authentication mechanism of the Thinkware Dashcam can be bypassed using default credentials. An attacker can connect to the dashcam’s WiFi without going through the Thinkware Cloud app, allowing unauthorized access to the RTSP feed and video recordings via telnet.
   • Impact: This could lead to the theft of sensitive video recordings without the user’s knowledge.
2. CVE-2025-2122: Denial of Service (DoS)
   • Description: Since the dashcam only supports a single device connection at a time, an attacker could prevent the rightful owner from accessing the device.
   • Impact: This effectively creates a denial-of-service scenario for the legitimate user, potentially leading to security and convenience issues.
3. CVE-2025-2120: User Credentials Saved in Plain-Text
   • Description: The credentials for the dashcam are stored in plain text in a configuration file, making them easily accessible to anyone with temporary physical access.
   • Impact: This negligence in security practices puts users’ account information at risk of being compromised.
4. CVE-2025-2121: Unprotected Write Access
   • Description: Once connected to the dashcam, an attacker can write arbitrary files or malware into the device’s storage.
   • Impact: This could lead to the installation of malicious software or disruption of the device’s functionality.
5. CVE-2024-53614: Hardcoded Decryption Key in Thinkware Cloud APK
   • Description: The Thinkware Cloud APK contains a hardcoded decryption key, which could allow attackers to access encrypted data and execute commands with elevated privileges.
   • Impact: This vulnerability poses a significant threat as it can compromise sensitive video footage stored on the cloud by allowing an attacker to intercept and decode login credentials.

Thinkware was notified about these vulnerabilities on November 12, 2024, via their vulnerability disclosure program.

The support team acknowledged the report and forwarded it to their mobile app development team for further evaluation. Despite these efforts, as of the latest update, no official fix has been released to address these issues.

The discovery of these vulnerabilities highlights the importance of robust security measures in IoT devices like dashcams.

Users of Thinkware’s F800 Pro dashcam are advised to take precautions such as changing default passwords and maintaining physical security of their devices.

Additionally, using strong and unique passwords for the Thinkware Cloud is crucial until a comprehensive patch is released.

As the security landscape continues to evolve, manufacturers must prioritize vulnerability testing and patching to protect user data and prevent potential misuse.

Users should remain vigilant about software updates and security advisories related to their devices to mitigate risks effectively.

Are you from SOC/DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Start Now for Free.