{"vulnerability": "cve-2025-2343", "sightings": [{"uuid": "1c1a695f-098b-4d53-884c-6a124608420d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2343", "type": "seen", "source": "https://t.me/cvedetector/20415", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2343 - IROAD Dash Cam X5 and X6 - Critical Hard-Coded Credentials Vulnerability in Device Pairing\", \n  \"Content\": \"CVE ID : CVE-2025-2343 \nPublished : March 16, 2025, 6:15 p.m. | 50\u00a0minutes ago \nDescription : A vulnerability classified as critical was found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. Affected by this vulnerability is an unknown functionality of the component Device Pairing. The manipulation leads to hard-coded credentials. Access to the local network is required for this attack to succeed. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"16 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-16T20:33:25.000000Z"}, {"uuid": "580d2c94-a7c6-47b7-8490-f024b705e09a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23434", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfv3w2rjki2t", "content": "", "creation_timestamp": "2025-01-16T20:16:27.856933Z"}, {"uuid": "6d9de6d6-8a95-45be-b6a8-87d4c60aa224", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23431", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/114002396537131156", "content": "", "creation_timestamp": "2025-02-14T13:08:42.014418Z"}, {"uuid": "23dfd495-1cbb-4d48-adda-c24fdb0239ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23431", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3li5bxjin3j2c", "content": "", "creation_timestamp": "2025-02-14T13:16:21.794434Z"}, {"uuid": "67ec3d0c-e0ca-4f75-a1d6-2717068e1ce9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2343", "type": "published-proof-of-concept", "source": "Telegram/2xcZTs_XeibSHC82a1phGP_4q4jJMmNBOi-TbLrEddnQ0jY", "content": "", "creation_timestamp": "2025-03-16T19:30:15.000000Z"}, {"uuid": "66e13531-e6f5-4bba-8d00-07b13f9c462e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23436", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfv3w7j4ky2n", "content": "", "creation_timestamp": "2025-01-16T20:16:32.926005Z"}, {"uuid": "9b375609-557d-48ec-943d-50e3d600b2d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23432", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfv3vyfcnq2t", "content": "", "creation_timestamp": "2025-01-16T20:16:25.357259Z"}, {"uuid": "f00cd934-192d-4245-a848-c9200c5a9e0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23430", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113839897631303701", "content": "", "creation_timestamp": "2025-01-16T20:23:05.343417Z"}, {"uuid": "27193e3e-c4df-40bc-b850-1ae3eb9eec08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23432", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113839897645382278", "content": "", "creation_timestamp": "2025-01-16T20:23:05.528504Z"}, {"uuid": "d47ed2b5-2667-42a3-a802-1e66c96474f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23430", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfv3vvzaiy2t", "content": "", "creation_timestamp": "2025-01-16T20:16:22.952443Z"}, {"uuid": "ab6ed471-a81d-425d-886f-0f7327581b3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23434", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113839897660312646", "content": "", "creation_timestamp": "2025-01-16T20:23:05.748255Z"}, {"uuid": "002737a6-c210-4477-ac8d-38f8798a7d68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23435", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfv3w4zotv2p", "content": "", "creation_timestamp": "2025-01-16T20:16:30.262170Z"}, {"uuid": "1901afff-c693-40db-9749-216321b62e4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23435", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113839897676072055", "content": "", "creation_timestamp": "2025-01-16T20:23:06.026214Z"}, {"uuid": "fb345403-4683-4f0b-9631-8ea6833b98f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23438", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lfv3wccw6q2b", "content": "", "creation_timestamp": "2025-01-16T20:16:36.039249Z"}, {"uuid": "4f4c1dd2-1053-4144-b1c3-462f2a73e895", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23436", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113839956676019884", "content": "", "creation_timestamp": "2025-01-16T20:38:06.320754Z"}, {"uuid": "bdb6a014-1bc4-421f-8f4d-73e43e570453", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23438", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113839956709364890", "content": "", "creation_timestamp": "2025-01-16T20:38:06.808476Z"}, {"uuid": "fe288de2-7c5c-4d46-bd73-d260d6b44004", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2343", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lkjlu3me3t2e", "content": "", "creation_timestamp": "2025-03-16T21:35:44.072358Z"}, {"uuid": "d79d46f6-7559-480d-a5d9-fc538969faff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23437", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6285", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23437\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound ntp-header-images allows Reflected XSS. This issue affects ntp-header-images: from n/a through 1.2.\n\ud83d\udccf Published: 2025-03-03T13:30:02.801Z\n\ud83d\udccf Modified: 2025-03-03T20:12:53.284Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/header-images-rotator/vulnerability/wordpress-ntp-header-images-plugin-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-03T20:30:54.000000Z"}, {"uuid": "bf3240e9-8863-4e8e-b71d-580bafd59c23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23439", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6284", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23439\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in willshouse TinyMCE Extended Config allows Reflected XSS. This issue affects TinyMCE Extended Config: from n/a through 0.1.0.\n\ud83d\udccf Published: 2025-03-03T13:30:03.119Z\n\ud83d\udccf Modified: 2025-03-03T20:13:44.164Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/tinymce-extended-config/vulnerability/wordpress-tinymce-extended-config-plugin-0-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-03T20:30:50.000000Z"}, {"uuid": "9aeb107e-5cbc-4b4e-a287-be7cb25e0439", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-23433", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/6286", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-23433\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jnwry vcOS allows Reflected XSS. This issue affects vcOS: from n/a through 1.4.0.\n\ud83d\udccf Published: 2025-03-03T13:30:01.343Z\n\ud83d\udccf Modified: 2025-03-03T20:11:58.929Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/vcos/vulnerability/wordpress-vcos-plugin-1-4-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-03-03T20:30:55.000000Z"}, {"uuid": "62685b04-a905-4cdb-be5e-9a3e65cbc138", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2343", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7716", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2343\n\ud83d\udd25 CVSS Score: 7.7 (cvssV4_0, Vector: CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability classified as critical was found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. Affected by this vulnerability is an unknown functionality of the component Device Pairing. The manipulation leads to hard-coded credentials. Access to the local network is required for this attack to succeed. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.\n\ud83d\udccf Published: 2025-03-16T17:31:04.395Z\n\ud83d\udccf Modified: 2025-03-16T17:31:04.395Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.299809\n2. https://vuldb.com/?ctiid.299809\n3. https://vuldb.com/?submit.516881\n4. https://github.com/geo-chen/IROAD#finding-3-bypassing-of-device-pairing-cwe-798-for-iroad-x-series", "creation_timestamp": "2025-03-16T17:46:15.000000Z"}]}