CVE-2025-30138

An issue was discovered on G-Net Dashcam BB GONX devices. Managing Settings and Obtaining Sensitive Data and Sabotaging Car Battery can be performed by unauthorized persons. It allows unauthorized users to modify critical system settings once connected to its network. Attackers can extract sensitive car and driver information, mute dashcam alerts to prevent detection, disable recording functionality, or even factory reset the device. Additionally, they can disable battery protection, causing the dashcam to drain the car battery when left on overnight. These actions not only compromise privacy but also pose potential physical harm by rendering the dashcam non-functional or causing vehicle battery failure.

CVSS v3 4.6 MEDIUM

4.6^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/geo-chen/GNET	Third Party Advisory
https://www.gnetsystem.com/eng/product/list?viewMode=view&idx=246&ca_id=0201	Product

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:gnetsystem:g-onx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:gnetsystem:g-onx:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-03-18 20:15

Updated : 2025-07-01 21:04

NVD link : CVE-2025-30138

Mitre link : CVE-2025-30138

CVE.ORG link : CVE-2025-30138

JSON object : View

Products Affected

gnetsystem

g-onx
g-onx_firmware

CWE

CWE-284

Improper Access Control

{"id": "CVE-2025-30138", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.9}]}, "published": "2025-03-18T20:15:26.507", "references": [{"url": "https://github.com/geo-chen/GNET", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://www.gnetsystem.com/eng/product/list?viewMode=view&idx=246&ca_id=0201", "tags": ["Product"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on G-Net Dashcam BB GONX devices. Managing Settings and Obtaining Sensitive Data and Sabotaging Car Battery can be performed by unauthorized persons. It allows unauthorized users to modify critical system settings once connected to its network. Attackers can extract sensitive car and driver information, mute dashcam alerts to prevent detection, disable recording functionality, or even factory reset the device. Additionally, they can disable battery protection, causing the dashcam to drain the car battery when left on overnight. These actions not only compromise privacy but also pose potential physical harm by rendering the dashcam non-functional or causing vehicle battery failure."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en los dispositivos G-Net Dashcam BB GONX. Personas no autorizadas pueden gestionar la configuraci\u00f3n, obtener datos confidenciales y sabotear la bater\u00eda del coche. Esto permite a usuarios no autorizados modificar ajustes cr\u00edticos del sistema una vez conectados a su red. Los atacantes pueden extraer informaci\u00f3n confidencial del coche y del conductor, silenciar las alertas de la dashcam para evitar su detecci\u00f3n, desactivar la funci\u00f3n de grabaci\u00f3n o incluso restablecer el dispositivo a la configuraci\u00f3n de f\u00e1brica. Adem\u00e1s, pueden desactivar la protecci\u00f3n de la bater\u00eda, lo que provoca que la dashcam descargue la bater\u00eda del coche si se deja encendida durante la noche. Estas acciones no solo comprometen la privacidad, sino que tambi\u00e9n suponen un riesgo de da\u00f1os f\u00edsicos al dejar la dashcam inoperativa o provocar un fallo de la bater\u00eda del veh\u00edculo."}], "lastModified": "2025-07-01T21:04:41.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gnetsystem:g-onx_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2120C516-F31B-406B-BC9A-4397D10EDDA3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gnetsystem:g-onx:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D2E9038F-6802-4704-805F-FC76FD268CCE"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}