Cyber Posture

CVE-2025-30139

Critical

Published: 18 March 2025

Modified: 01 July 2025
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0025 (47.9th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Description

Adversaries may impersonate a trusted person or organization in order to persuade and trick a target into performing some action on their behalf.

Security Summary

CVE-2025-30139 is a critical-severity vulnerability (CVSS 3.1 score of 9.8) affecting G-Net Dashcam BB GONX devices, published on 2025-03-18. The issue stems from default credentials for the device's Wi-Fi network that cannot be changed; the SSID is fixed and always broadcast. This configuration, linked to CWE-1392, prevents users from securing the network with custom credentials, exposing the dashcam's wireless interface to unauthorized access.

Any attacker within Wi-Fi range can exploit this vulnerability with no privileges, authentication, or user interaction required (AV:N/AC:L/PR:N/UI:N). Upon connecting to the dashcam's network using the default credentials, the attacker gains unrestricted access and can sniff traffic from other connected devices, such as the user's smartphone, potentially compromising sensitive data in transit.

References for further details include the GitHub repository at https://github.com/geo-chen/GNET and the product page at https://www.gnetsystem.com/eng/product/list?viewMode=view&idx=246&ca_id=0201, though no specific advisories on patches or mitigations are detailed in the available information.

Details

CWE(s)
CWE-1392

Affected Products

gnetsystem g-onx firmware (all versions)

MITRE ATT&CK Enterprise Techniques

T1078.001 Default Accounts (Stealth)
Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.

T1040 Network Sniffing (Credential Access)
Adversaries may passively sniff network traffic to capture information about an environment, including authentication material passed over the network.

T1005 Data from Local System (Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

T1025 Data from Removable Media (Collection)
Adversaries may search connected removable media on computers they have compromised to find files of interest.

T1070.004 File Deletion (Stealth)
Adversaries may delete files left behind by the actions of their intrusion activity.

T1082 System Information Discovery (Discovery)
An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture.

T1499 Endpoint Denial of Service (Impact)
Adversaries may perform Endpoint Denial of Service (DoS) attacks to degrade or block the availability of services to users.

T1552.001 Credentials In Files (Credential Access)
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.

T1684.001 Impersonation (Stealth)
Adversaries may impersonate a trusted person or organization in order to persuade and trick a target into performing some action on their behalf.

Why these techniques?

Default, unchangeable Wi-Fi credentials (T1078.001) and hardcoded credentials (T1552.001) enable unauthorized access, facilitating network sniffing (T1040), MAC impersonation (T1656), data collection from the local system and removable media (T1005, T1025), system information discovery (T1082), file deletion (T1070.004), and endpoint DoS via battery drain (T1499).
