Which versions of Fx2 Firmware are affected by CVE-2025-2349?

CVE-2025-2349 is a low-severity vulnerability in IROAD Dash Cam FX2 (CVSS 2.3). The limited severity suggests constrained impact, typically requiring specific conditions or local access for…

How to fix or mitigate CVE-2025-2349?

During next maintenance window: Apply vendor patches when convenient. Monitor vendor channels for updates.

Fx2 Firmware CVE-2025-2349

Q: What is the CVSS score of CVE-2025-2349?

CVE-2025-2349 has a CVSS 4.0 base score of 2.3 (Low). CVSS vector: CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

LOW

Inadequate Encryption Strength (CWE-326)

2025-03-16 cna@vuldb.com

Information Disclosure Fx2 Firmware

2.3

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

2.3 LOW

CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Adjacent

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:31 vuln.today

CVE Published

Mar 16, 2025 - 22:15 nvd

LOW 2.3

DescriptionCVE.org

A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/passwd of the component Password Hash Handler. The manipulation leads to password hash with insufficient computational effort. Access to the local network is required for this attack. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

AnalysisAI

A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. Rated low severity (CVSS 2.3), this vulnerability is no authentication required. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-326. A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/passwd of the component Password Hash Handler. The manipulation leads to password hash with insufficient computational effort. Access to the local network is required for this attack. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Affected products include: Iroadau Fx2 Firmware. Version information: up to 20250308..

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-2349 vulnerability details – vuln.today

Back