CVE Details
Basic Information
| Title | BlackVue Dashcam 590X HTTP Endpoint upload.cgi unrestricted upload |
|---|---|
| Type | cve |
| Published | 2025-07-05T23:32:05.317Z |
| Modified | 2025-07-05T23:32:05.317Z |
Product Information
| Vendor | BlackVue |
|---|---|
| Product | Dashcam 590X |
| Version | 20250624 |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
AI Analysis
| AI Description | A vulnerability in the BlackVue Dashcam 590X allows unrestricted file uploads via the HTTP endpoint /upload.cgi. This could enable attackers to upload malicious files without authentication, potentially leading to system compromise. The issue is considered critical due to the potential for severe consequences. |
|---|---|
| AI Severity | Critical |
| AI Vendor | BlackVue |
| AI Product | Dashcam 590X |
| AI Version | 20250624 |
Affected Products
- BlackVue Dashcam 590X 20250624
Additional Information
| CWE List | CWE-434, CWE-284 |
|---|---|
| Source | VulDB |
Description
A vulnerability was found in BlackVue Dashcam 590X up to 20250624. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /upload.cgi of the component HTTP Endpoint. The manipulation leads to unrestricted upload. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.