How severe is CVE-2025-2120?

This vulnerability has a severity rating of LOW with a CVSS score of 4.6 out of 10.

What type of vulnerability is CVE-2025-2120?

This is classified as CWE-312, which is a common weakness in software security.

CVE-2025-2120 - LOW Severity | CVSS 4.6

Vulnerability Description

A vulnerability was found in Thinkware Car Dashcam F800 Pro up to 20250226. It has been rated as problematic. This issue affects some unknown processing of the file /tmp/hostapd.conf of the component Configuration File Handler. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2019-14886

MEDIUM

CVSS:4.6(Medium)

A vulnerability was found in business-central, as shipped in rhdm-7.5.1 and rhpam-7.5.1, where encoded passwords are stored in errai_security_context. The encoding used for storing the passwords is Ba...

CWE-3122019

CVE-2020-36248

MEDIUM

CVSS:4.6(Medium)

The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this...

CWE-3122020

CVE-2021-25692

MEDIUM

CVSS:4.6(Medium)

Sensitive smart card data is logged in default INFO logs by Teradici's PCoIP Connection Manager and Security Gateway prior to version 21.01.3.

CWE-3122021

CVE-2022-20660

MEDIUM

CVSS:4.6(Medium)

A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device. T...

CWE-3122022

CVE-2022-24120

MEDIUM

CVSS:4.6(Medium)

Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects iNET and iNET II before 8.3.0.

CWE-3122022

CVE-2022-41740

MEDIUM

CVSS:4.6(Medium)

IBM Robotic Process Automation 20.12 through 21.0.6 could allow an attacker with physical access to the system to obtain highly sensitive information from system memory. IBM X-Force ID: 238053.

CWE-3122022