IROAD Dash Cam X5 critical vulnerability (CVE-2025-2345)
CVE number = CVE-2025-2345
The IROAD X5 dashcam allows unauthorized users to modify critical system settings once connected to its network.
Attackers can extract sensitive car and driver information, mute dashcam alerts to prevent detection, disable recording functionality, or even factory reset the device.
Additionally, they can disable battery protection, causing the dashcam to drain the car battery when left on overnight.
These actions not only compromise privacy but also pose potential physical harm by rendering the dashcam non-functional or causing vehicle battery failure.
The IROAD X5 dashcam broadcasts a fixed SSID with default credentials that cannot be changed.
This allows any nearby attacker to connect to the dashcam’s network without restriction.
Once connected, an attacker can sniff on connected devices such as the user’s smartphone. The SSID is also always broadcasted.
I am one of the editors here at www.systemtek.co.uk I am a UK based technology professional, with an interest in computer security and telecoms.