CVE-2025-30139

CRITICAL

9.8

Description

An issue was discovered on G-Net Dashcam BB GONX devices. Default credentials for SSID cannot be changed. It broadcasts a fixed SSID with default credentials that cannot be changed. This allows any nearby attacker to connect to the dashcam's network without restriction. Once connected, an attacker can sniff on connected devices such as the user's smartphone. The SSID is also always broadcasted.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie3/18/2025

Derniere modification7/1/2025

Sourcenvd

Observations honeypot0

Produits affectes

gnetsystem:g-onxgnetsystem:g-onx_firmware

Faiblesses (CWE)

CWE-1392

References

https://github.com/geo-chen/GNET(cve@mitre.org)

https://www.gnetsystem.com/eng/product/list?viewMode=view&idx=246&ca_id=0201(cve@mitre.org)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.