CVE-2025-30142

HIGH

8.1

Description

An issue was discovered on G-Net Dashcam BB GONX devices. Bypassing of Device Pairing can occur. It uses MAC address verification as the sole mechanism for recognizing paired devices, allowing attackers to bypass authentication. By capturing the MAC address of an already-paired device through ARP scanning or other means, an attacker can spoof the MAC address and connect to the dashcam without going through the pairing process. This enables full access to the device.

CVE Details

CVSS v3.1 Score8.1

SeverityHIGH

CVSS VectorCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack VectorADJACENT_NETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published3/18/2025

Last Modified7/1/2025

Sourcenvd

Honeypot Sightings0

Affected Products

gnetsystem:g-onxgnetsystem:g-onx_firmware

Weaknesses (CWE)

CWE-290

References

https://github.com/geo-chen/GNET(cve@mitre.org)

https://www.gnetsystem.com/eng/product/list?viewMode=view&idx=246&ca_id=0201(cve@mitre.org)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.