Resource Allocation Vulnerability in IROAD Dashcam Q9 by IROAD
CVE-2025-7070

5.3MEDIUM

Key Information:

Vendor: Iroad
Status: Dashcam Q9
Vendor: CVE Published:; 4 July 2025

What is CVE-2025-7070?

A vulnerability has been identified in the IROAD Dashcam Q9, affecting versions up to 20250624. This flaw resides in the MFA Pairing Request Handler, where improper handling allows for resource allocation manipulation. The exploit requires access within the local network, raising significant concerns regarding unauthorized access to the device. Despite early communication with the vendor regarding this issue, no response has been received, highlighting potential risks for users relying on this device.

Affected Version(s)

Dashcam Q9 20250624

References

https://vuldb.com/?id.314905

vdb-entry

https://vuldb.com/?ctiid.314905

signaturepermissions-required

https://vuldb.com/?submit.603298

third-party-advisory

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 4, 2025
Vulnerability Reserved
Jul 4, 2025

Credit

geochen (VulDB User)

Iroad

What is CVE-2025-7070?

Affected Version(s)

References

CVSS V4

Timeline

Credit