CVE-2025-2346

A vulnerability has been found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308 and classified as problematic. This vulnerability affects unknown code of the component Domain Handler. The manipulation of the argument Domain Name leads to origin validation error. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult.

CVSS v3 5.6 MEDIUM
CVSS v2.0 5.1 MEDIUM

5.6^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

5.1^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability : 4.9 / Impact : 6.4

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/geo-chen/IROAD?tab=readme-ov-file#finding-6-public-domain-used-for-internal-domain-name
https://vuldb.com/?ctiid.299812
https://vuldb.com/?id.299812

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Se ha detectado una vulnerabilidad en IROAD Dash Cam X5 y Dash Cam X6 hasta la versión 20250308, clasificada como problemática. Esta vulnerabilidad afecta al código desconocido del componente Domain Handler. La manipulación del argumento Domain Name provoca un error de validación de origen. El ataque puede iniciarse remotamente. Es un ataque de complejidad bastante alta. Parece difícil de explotar.

16 Mar 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-16 20:15

Updated : 2026-04-15 00:35

NVD link : CVE-2025-2346

Mitre link : CVE-2025-2346

CVE.ORG link : CVE-2025-2346

JSON object : View

Products Affected

No product.

CWE

CWE-345

Insufficient Verification of Data Authenticity

CWE-346

Origin Validation Error

{"id": "CVE-2025-2346", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"version": "2.0", "baseScore": 5.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.2}], "cvssMetricV40": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-03-16T20:15:11.603", "references": [{"url": "https://github.com/geo-chen/IROAD?tab=readme-ov-file#finding-6-public-domain-used-for-internal-domain-name", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?ctiid.299812", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.299812", "source": "cna@vuldb.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-345"}, {"lang": "en", "value": "CWE-346"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308 and classified as problematic. This vulnerability affects unknown code of the component Domain Handler. The manipulation of the argument Domain Name leads to origin validation error. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad en IROAD Dash Cam X5 y Dash Cam X6 hasta la versi\u00f3n 20250308, clasificada como problem\u00e1tica. Esta vulnerabilidad afecta al c\u00f3digo desconocido del componente Domain Handler. La manipulaci\u00f3n del argumento Domain Name provoca un error de validaci\u00f3n de origen. El ataque puede iniciarse remotamente. Es un ataque de complejidad bastante alta. Parece dif\u00edcil de explotar."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "cna@vuldb.com"}