Total: 5 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-30138 | 1 Gnetsystem | 2 G-onx, G-onx Firmware | 2025-07-01 | N/A | 4.6 MEDIUM | 
| An issue was discovered on G-Net Dashcam BB GONX devices. Managing Settings and Obtaining Sensitive Data and Sabotaging Car Battery can be performed by unauthorized persons. It allows unauthorized users to modify critical system settings once connected to its network. Attackers can extract sensitive car and driver information, mute dashcam alerts to prevent detection, disable recording functionality, or even factory reset the device. Additionally, they can disable battery protection, causing the dashcam to drain the car battery when left on overnight. These actions not only compromise privacy but also pose potential physical harm by rendering the dashcam non-functional or causing vehicle battery failure. | |||||
| CVE-2025-30139 | 1 Gnetsystem | 2 G-onx, G-onx Firmware | 2025-07-01 | N/A | 9.8 CRITICAL | 
| An issue was discovered on G-Net Dashcam BB GONX devices. Default credentials for SSID cannot be changed. It broadcasts a fixed SSID with default credentials that cannot be changed. This allows any nearby attacker to connect to the dashcam's network without restriction. Once connected, an attacker can sniff traffic from connected devices such as the user's smartphone. The SSID is also always broadcast. | |||||
| CVE-2025-30141 | 1 Gnetsystem | 2 G-onx, G-onx Firmware | 2025-07-01 | N/A | 7.5 HIGH | 
| An issue was discovered on G-Net Dashcam BB GONX devices. One can Remotely Dump Video Footage and the Live Video Stream. It exposes API endpoints on ports 9091 and 9092 that allow remote access to recorded and live video feeds. An attacker who connects to the dashcam's network can retrieve all stored recordings and convert them from JDR format to MP4. Additionally, port 9092's RTSP stream can be accessed remotely, allowing real-time video feeds to be extracted without the owner's knowledge. | |||||
| CVE-2025-30142 | 1 Gnetsystem | 2 G-onx, G-onx Firmware | 2025-07-01 | N/A | 8.1 HIGH | 
| An issue was discovered on G-Net Dashcam BB GONX devices. Bypassing of Device Pairing can occur. It uses MAC address verification as the sole mechanism for recognizing paired devices, allowing attackers to bypass authentication. By capturing the MAC address of an already-paired device through ARP scanning or other means, an attacker can spoof the MAC address and connect to the dashcam without going through the pairing process. This enables full access to the device. | |||||
| CVE-2025-30140 | 1 Gnetsystem | 2 G-onx, G-onx Firmware | 2025-07-01 | N/A | 7.5 HIGH | 
| An issue was discovered on G-Net Dashcam BB GONX devices. A Public Domain name is Used for the Internal Domain Name. It uses an unregistered public domain name as an internal domain, creating a security risk. This domain was not owned by GNET originally, allowing an attacker to register it and potentially intercept sensitive device traffic (it has since been registered by the vulnerability discoverer). If the dashcam or related services attempt to resolve this domain over the public Internet instead of locally, it could lead to data exfiltration or man-in-the-middle attacks. | |||||
