CVE-2025-30140

An issue was discovered on G-Net Dashcam BB GONX devices. A Public Domain name is Used for the Internal Domain Name. It uses an unregistered public domain name as an internal domain, creating a security risk. This domain was not owned by GNET originally, allowing an attacker to register it and potentially intercept sensitive device traffic (it has since been registered by the vulnerability discoverer). If the dashcam or related services attempt to resolve this domain over the public Internet instead of locally, it could lead to data exfiltration or man-in-the-middle attacks.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/geo-chen/GNET	Third Party Advisory
https://www.gnetsystem.com/eng/product/list?viewMode=view&idx=246&ca_id=0201	Product

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:gnetsystem:g-onx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:gnetsystem:g-onx:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-03-18 21:15

Updated : 2025-07-01 21:04

NVD link : CVE-2025-30140

Mitre link : CVE-2025-30140

CVE.ORG link : CVE-2025-30140

JSON object : View

Products Affected

gnetsystem

g-onx
g-onx_firmware

CWE

CWE-284

Improper Access Control

{"id": "CVE-2025-30140", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-03-18T21:15:32.880", "references": [{"url": "https://github.com/geo-chen/GNET", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://www.gnetsystem.com/eng/product/list?viewMode=view&idx=246&ca_id=0201", "tags": ["Product"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on G-Net Dashcam BB GONX devices. A Public Domain name is Used for the Internal Domain Name. It uses an unregistered public domain name as an internal domain, creating a security risk. This domain was not owned by GNET originally, allowing an attacker to register it and potentially intercept sensitive device traffic (it has since been registered by the vulnerability discoverer). If the dashcam or related services attempt to resolve this domain over the public Internet instead of locally, it could lead to data exfiltration or man-in-the-middle attacks."}, {"lang": "es", "value": "Se detect\u00f3 un problema en los dispositivos G-Net Dashcam BB GONX. Se utiliza un nombre de dominio p\u00fablico para el nombre de dominio interno. Este utiliza un nombre de dominio p\u00fablico no registrado como dominio interno, lo que supone un riesgo de seguridad. Este dominio no era propiedad de GNET originalmente, lo que permite a un atacante registrarlo y potencialmente interceptar el tr\u00e1fico confidencial del dispositivo (ya ha sido registrado por el descubridor de la vulnerabilidad). Si la dashcam o los servicios relacionados intentan resolver este dominio a trav\u00e9s de la red p\u00fablica de Internet en lugar de localmente, podr\u00eda provocar una exfiltraci\u00f3n de datos o ataques de intermediario."}], "lastModified": "2025-07-01T21:04:35.360", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:gnetsystem:g-onx_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2120C516-F31B-406B-BC9A-4397D10EDDA3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:gnetsystem:g-onx:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D2E9038F-6802-4704-805F-FC76FD268CCE"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}