Vulnerability Information Title: 70mai Dashcam X200 Omni Improper Initialization Description: Init Script Binary Hijack Persistence Vulnerability in 70mai X200 Omni Dashcam Vulnerability Details Description: - The 70mai X200 Omni dashcam is vulnerable to a persistence attack where an init script calls a missing binary, allowing an attacker to place a malicious binary at that path. - This binary executes automatically at boot, enabling persistent code execution. - The flaw allows stealthy, persistent control over the device, compromising integrity and security. Vulnerability Type: - Incorrect Access Control / Persistence via Binary Hijacking Affected Component: - Initialization Script Attack Type: - Local Impact: - Code execution: True - Information Disclosure: True Attack Vector An attacker with access to the device's network or filesystem can place a malicious binary at a path referenced by the boot initialization script. - This causes the malicious binary to run automatically on device boot, achieving persistent code execution and potentially exposing sensitive information or system control. Additional Information Source: https://github.com/geo-chen/70mai/blob/main/README.md#finding-11-init-script-binary-hijack-persistence-vulnerability-in-70mai-x200-omni-dashcam User: - geoChen (UID 78995) Submission Date: 10/19/2025 06:30 PM Moderation Date: 11/08/2025 08:22 AM