CVE Alert: CVE-2025-11942 - 70mai - X200

CVE-2025-11942

HIGHNo exploitation known

A flaw has been found in 70mai X200 up to 20251010. Affected is an unknown function of the component Pairing. Executing manipulation can lead to missing authentication. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS v3.1 (7.3)

Vendor

70mai

Product

X200

Versions

20251010

CWE

CWE-306, Missing Authentication

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R

Published

2025-10-19T16:02:07.412Z

Updated

2025-10-19T16:02:07.412Z

References

https://vuldb.com/?id.329021

https://vuldb.com/?ctiid.329021

https://vuldb.com/?submit.672520

https://github.com/geo-chen/70mai/blob/main/README.md#finding-9-bypass-device-pairing-of-70mai-dashcam-omni-x200

AI Summary Analysis

Risk verdict: High risk: remote, unauthenticated access to the 70mai X200 pairing component is exposed, with a publicly available exploit increasing abuse potential.

Why this matters: An attacker can manipulate pairing without user interaction, potentially taking control of the device, compromising video data, or linking the device to their account. The impact spans confidentiality, integrity and availability of the pairing subsystem, risking privacy and trust for individual users and any managed fleets or deployments.

Most likely attack path: The flaw enables network-accessible pairing manipulation without credentials (PR:N, UI:N). An attacker can trigger the pairing flow remotely, with no user action, to rebind the device or disable previous controls. Because the impact is confined to the pairing component (Scope unchanged, C/I/A L), lateral movement to other subsystems is unlikely, but device control and data exposure are plausible within the affected module.

Who is most exposed: Consumers and any deployments using the X200 in home or fleet contexts with exposed pairing endpoints, including devices reachable over the internet or on poorly segmented local networks. Regions with slow firmware updates may remain at higher risk.

Detection ideas:

Unusual or successful pairing attempts without authentication events.
Access to the pairing endpoint from unexpected or broad IP ranges.
Anomalous session lifecycles or repeated pairing retries post-connection.
Logs indicating bypassed authentication checks in the pairing function.
IOCs published in CTI feeds (IOB/IOC signals).

Mitigation and prioritisation:

Apply the latest firmware patch addressing the pairing flaw; verify successful deployment.
Enforce authentication on the pairing workflow and disable unauthenticated remote pairing where feasible.
Network controls: restrict pairing exposure, require VPN or internal network access, segment the device from untrusted networks.
Harden monitoring: enable granular logging of pairing attempts; alert on anomalous binding activity.
Change-management: test patch in staging, validate device functionality, communicate update guidance to users.

Support Our Work

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on Patreon or Buy Me A Coffee using the buttons below.

AI APIs OSINT driven New features

Buy Me A Coffee Patreon

Tags: 70mai, CVE, cve-2025-11942, OSINT, threatintel, x200