Which versions of 70mai M300 are affected by CVE-2025-6529?

The 70mai M300 dashcam (firmware through 20250611) contains a remote code execution vulnerability exploitable by attackers on adjacent networks using default credentials, with public exploit code now…

Is there a public PoC exploit available for CVE-2025-6529?

Yes, a public proof-of-concept exploit is available for CVE-2025-6529. Prioritise patching immediately. EPSS: 0.2%.

How to fix or mitigate CVE-2025-6529?

Within 24 hours: Identify and inventory all 70mai M300 dashcams connected to corporate or vehicle networks using network scanning tools; isolate confirmed devices to separate network segments or disable Telnet access at the network edge. Within 7 days: Contact 70mai for firmware availability status and implement network-based compensating controls (disable Telnet ports 23/TCP, enforce strong WiFi segmentation, change default credentials if accessible via web interface). Within 30 days: Develop a device retirement or replacement strategy for 70mai M300 units; evaluate alternative dashcam vendors with active security patch programs and establish vendor firmware update SLAs for all future IoT device procurement.

70mai M300 CVE-2025-6529

Q: What is the CVSS score of CVE-2025-6529?

CVE-2025-6529 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.2%.

EUVD-2025-18959 HIGH

Use of Default Credentials (CWE-1392)

2025-06-23 cna@vuldb.com

Information Disclosure

7.4

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

7.4 HIGH

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Updated

Apr 29, 2026 - 01:18 vuln.today

v2 (cvss_changed)

Re-analysis Queued

Apr 29, 2026 - 01:11 vuln.today

cvss_changed

CVSS changed

Apr 29, 2026 - 01:11 NVD

8.8 (HIGH) 7.4 (HIGH)

EUVD ID Assigned

Mar 15, 2026 - 22:10 euvd

EUVD-2025-18959

Analysis Generated

Mar 15, 2026 - 22:10 vuln.today

PoC Detected

Nov 14, 2025 - 14:12 vuln.today

Public exploit code

CVE Published

Jun 23, 2025 - 23:15 nvd

HIGH 8.8

DescriptionCVE.org

A vulnerability was found in 70mai M300 up to 20250611 and classified as critical. Affected by this issue is some unknown functionality of the component Telnet Service. The manipulation leads to use of default credentials. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Remote code execution via default Telnet credentials in 70mai M300 dashcam firmware (versions up to 20250611) allows adjacent network attackers to gain full device control without authentication. The vulnerability has public exploit code available on GitHub demonstrating malicious file upload and code execution capabilities. Despite CVSS 7.4 severity and public exploitation techniques, EPSS probability remains low at 0.18% (40th percentile), suggesting limited widespread targeting of consumer dashcam devices, though adjacent network requirement (AV:A) makes this exploitable in shared WiFi environments or vehicle networks.

Technical ContextAI

The 70mai M300 is a consumer dashcam device running embedded Linux firmware with network connectivity features. The Telnet service (TCP port 23) is enabled by default with hardcoded factory credentials, representing CWE-1392 (Use of Default Credentials). Telnet transmits credentials in cleartext and provides direct shell access to the underlying operating system. The CVSS 4.0 vector indicates adjacent network attack vector (AV:A), meaning exploitation requires the attacker to be on the same network segment as the device - typically the dashcam's WiFi hotspot or a connected vehicle network. The CPE identifier cpe:2.3:o:70mai:m300_firmware confirms this affects the device firmware/operating system layer rather than a specific application component.

RemediationAI

No vendor-released patch identified at time of analysis despite early disclosure attempts. Immediate mitigation: disable the Telnet service if device firmware provides this option through settings or configuration file modification (check /etc/inetd.conf or systemd service files if root access possible). If Telnet cannot be disabled, change default credentials immediately through command-line interface - however, without vendor documentation, correct credential modification procedure is unknown and may brick the device. Most effective compensating control: disable the dashcam's WiFi hotspot feature entirely and restrict connectivity to USB-only data transfer when possible, eliminating the adjacent network attack vector. For fleet deployments requiring WiFi connectivity, isolate dashcam networks from other vehicle systems using VLAN segmentation and implement MAC address filtering to allow only authorized management devices. Monitor for unauthorized Telnet connection attempts on TCP port 23. Trade-offs: disabling WiFi eliminates remote file retrieval convenience; credential changes risk device lockout without vendor reset procedure.

CVE-2025-6529 vulnerability details – vuln.today

Back