fkie_cve-2025-30138
Vulnerability from fkie_nvd
Published
2025-03-18 20:15
Modified
2025-07-01 21:04
Severity ?
4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
An issue was discovered on G-Net Dashcam BB GONX devices. Managing Settings and Obtaining Sensitive Data and Sabotaging Car Battery can be performed by unauthorized persons. It allows unauthorized users to modify critical system settings once connected to its network. Attackers can extract sensitive car and driver information, mute dashcam alerts to prevent detection, disable recording functionality, or even factory reset the device. Additionally, they can disable battery protection, causing the dashcam to drain the car battery when left on overnight. These actions not only compromise privacy but also pose potential physical harm by rendering the dashcam non-functional or causing vehicle battery failure.
References
cve@mitre.orghttps://github.com/geo-chen/GNETThird Party Advisory
cve@mitre.orghttps://www.gnetsystem.com/eng/product/list?viewMode=view&idx=246&ca_id=0201Product
Impacted products
Vendor Product Version
gnetsystem g-onx_firmware -
gnetsystem g-onx -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:gnetsystem:g-onx_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2120C516-F31B-406B-BC9A-4397D10EDDA3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:gnetsystem:g-onx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2E9038F-6802-4704-805F-FC76FD268CCE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered on G-Net Dashcam BB GONX devices. Managing Settings and Obtaining Sensitive Data and Sabotaging Car Battery can be performed by unauthorized persons. It allows unauthorized users to modify critical system settings once connected to its network. Attackers can extract sensitive car and driver information, mute dashcam alerts to prevent detection, disable recording functionality, or even factory reset the device. Additionally, they can disable battery protection, causing the dashcam to drain the car battery when left on overnight. These actions not only compromise privacy but also pose potential physical harm by rendering the dashcam non-functional or causing vehicle battery failure."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en los dispositivos G-Net Dashcam BB GONX. Personas no autorizadas pueden gestionar la configuraci\u00f3n, obtener datos confidenciales y sabotear la bater\u00eda del coche. Esto permite a usuarios no autorizados modificar ajustes cr\u00edticos del sistema una vez conectados a su red. Los atacantes pueden extraer informaci\u00f3n confidencial del coche y del conductor, silenciar las alertas de la dashcam para evitar su detecci\u00f3n, desactivar la funci\u00f3n de grabaci\u00f3n o incluso restablecer el dispositivo a la configuraci\u00f3n de f\u00e1brica. Adem\u00e1s, pueden desactivar la protecci\u00f3n de la bater\u00eda, lo que provoca que la dashcam descargue la bater\u00eda del coche si se deja encendida durante la noche. Estas acciones no solo comprometen la privacidad, sino que tambi\u00e9n suponen un riesgo de da\u00f1os f\u00edsicos al dejar la dashcam inoperativa o provocar un fallo de la bater\u00eda del veh\u00edculo."
    }
  ],
  "id": "CVE-2025-30138",
  "lastModified": "2025-07-01T21:04:41.963",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.6,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-03-18T20:15:26.507",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/geo-chen/GNET"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "https://www.gnetsystem.com/eng/product/list?viewMode=view\u0026idx=246\u0026ca_id=0201"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.