Cyber Posture

CVE-2025-30142

High

Published: 18 March 2025

Published
18 March 2025
Modified
01 July 2025
KEV Added
Patch
CVSS Score 8.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score 0.0002 6.3th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may impersonate a trusted person or organization in order to persuade and trick a target into performing some action on their behalf.

Security Summary

CVE-2025-30142 is an authentication bypass vulnerability affecting G-Net Dashcam BB GONX devices. The flaw arises because the device relies solely on MAC address verification to recognize paired devices, enabling attackers to circumvent the pairing process entirely. By spoofing the MAC address of a legitimately paired device, unauthorized parties can gain access without authentication. The vulnerability has a CVSS v3.1 base score of 8.1 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) and is associated with CWE-290 (Authentication Bypass by Spoofing).

Attackers within the adjacent network (AV:A) can exploit this issue with low complexity and no privileges required. The scenario involves capturing the MAC address of a paired device through ARP scanning or similar reconnaissance methods, followed by spoofing that address on the attacker's device. Successful exploitation grants full access to the dashcam, compromising confidentiality and integrity (high impact) without affecting availability.

Mitigation details are not specified in the CVE description. Security practitioners should consult the referenced resources, including the GitHub repository at https://github.com/geo-chen/GNET and the product page at https://www.gnetsystem.com/eng/product/list?viewMode=view&idx=246&ca_id=0201, for any vendor guidance, patches, or workarounds.

Details

CWE(s)
CWE-290

Affected Products

gnetsystem
g-onx firmware
all versions

MITRE ATT&CK Enterprise Techniques

T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
attack.mitre.org →
T1025 Data from Removable Media Collection
Adversaries may search connected removable media on computers they have compromised to find files of interest.
attack.mitre.org →
T1070.004 File Deletion Stealth
Adversaries may delete files left behind by the actions of their intrusion activity.
attack.mitre.org →
T1078.001 Default Accounts Stealth
Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
attack.mitre.org →
T1082 System Information Discovery Discovery
An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture.
attack.mitre.org →
T1083 File and Directory Discovery Discovery
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.
attack.mitre.org →
T1125 Video Capture Collection
An adversary can leverage a computer's peripheral devices (e.
attack.mitre.org →
T1552.001 Credentials In Files Credential Access
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
attack.mitre.org →
T1684.001 Impersonation Stealth
Adversaries may impersonate a trusted person or organization in order to persuade and trick a target into performing some action on their behalf.
attack.mitre.org →
Why these techniques?

Vulnerabilities enable default/hardcoded credentials access (T1078.001, T1552.001), device impersonation via MAC spoofing (T1656), system/file discovery and data collection from local/removable storage/video (T1005, T1025, T1082, T1083, T1125), and file deletion/data destruction (T1070.004).

References