Improper Access Control in BlackVue Dashcam 590X Affects Local Network Security
CVE-2025-7076

5.4MEDIUM

Key Information:

Vendor: BlackVue
Status: Dashcam 590X
Vendor: CVE Published:; 6 July 2025

What is CVE-2025-7076?

A local network vulnerability has been identified in the BlackVue Dashcam 590X, affecting versions up to 20250624. This issue stems from improper access controls within the configuration handler, specifically in the /upload.cgi file. An attacker with access to the local network can exploit this flaw to manipulate device configurations, potentially compromising the integrity and security of the dashcam's functionalities. Despite early disclosure of the issue to the vendor, there has been no response, highlighting a pressing need for users to secure their devices against possible exploitation.

References

https://github.com/geo-chen/BlackVue/blob/main/README.md#...

https://vuldb.com/?ctiid.314990

https://vuldb.com/?id.314990

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 6, 2025