CRITICAL🇵🇱 Wersja polska

CVE-2025-30139

CVSS 9.8v3.1pub. 2025-03-18upd. 2025-07-01

An issue was discovered on G-Net Dashcam BB GONX devices. Default credentials for SSID cannot be changed. It broadcasts a fixed SSID with default credentials that cannot be changed. This allows any nearby attacker to connect to the dashcam's network without restriction. Once connected, an attacker can sniff on connected devices such as the user's smartphone. The SSID is also always broadcasted.

🤖 AI Analysis
How it works

The G-Net Dashcam BB GONX device continuously broadcasts its SSID with factory-set, immutable access credentials (CWE-1392: use of default credentials). Since the user has no ability to change these credentials, anyone within the range of the camera's Wi-Fi network can connect to it by knowing the widely available or easily guessable default password. Once connected to the camera's network, an attacker can perform traffic sniffing of other devices connected to the same network, such as the vehicle owner's smartphone.

Impact

An attacker within Wi-Fi range can connect to the camera's network without authorization and subsequently intercept network traffic from user devices (e.g., smartphone), which may lead to disclosure of sensitive data (violation of confidentiality, integrity, and availability).

Mitigation & patch

Apply patches available from the manufacturer according to the references provided. Until a fix is released, it is recommended to limit the device's exposure (e.g., disabling the camera's Wi-Fi function when not actively in use) and monitor unauthorized connections to the camera's network.

Who is affected

G-Net Dashcam BB GONX devices (firmware and hardware designated as Gnetsystem G-Onx / G-Onx Firmware) — specific versions indicated in manufacturer references

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Gnetsystem G Onx

    HW
    Gnetsystem
    wszystkie wersje
  • Gnetsystem G Onx Firmware

    OS
    Gnetsystem
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-30140HIGH7.5ten sam produkt

An issue was discovered on G-Net Dashcam BB GONX devices. A Public Domain name is Used for the Internal Domain...

CVE-2025-30141HIGH7.5ten sam produkt

An issue was discovered on G-Net Dashcam BB GONX devices. One can Remotely Dump Video Footage and the Live Vid...

CVE-2025-30142HIGH8.1ten sam produkt

An issue was discovered on G-Net Dashcam BB GONX devices. Bypassing of Device Pairing can occur. It uses MAC a...

CVE-2025-30138MEDIUM4.6ten sam produkt

An issue was discovered on G-Net Dashcam BB GONX devices. Managing Settings and Obtaining Sensitive Data and S...