Cyber Resilience

CVE-2025-30138

Medium

Published: 18 March 2025

Published
18 March 2025
Modified
01 July 2025
KEV Added
Patch
CVSS Score v3.1 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score 0.0012 30.0th percentile
Risk Priority 9 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-30138 is a medium-severity Improper Access Control (CWE-284) vulnerability in Gnetsystem G-Onx Firmware. Its CVSS base score is 4.6 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Default Accounts (T1078.001); ranked at the 30.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

An issue was discovered on G-Net Dashcam BB GONX devices. Managing Settings and Obtaining Sensitive Data and Sabotaging Car Battery can be performed by unauthorized persons. It allows unauthorized users to modify critical system settings once connected to its network.…

more

Attackers can extract sensitive car and driver information, mute dashcam alerts to prevent detection, disable recording functionality, or even factory reset the device. Additionally, they can disable battery protection, causing the dashcam to drain the car battery when left on overnight. These actions not only compromise privacy but also pose potential physical harm by rendering the dashcam non-functional or causing vehicle battery failure.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1078.001 Default Accounts Stealth
Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
T1552.001 Credentials In Files Credential Access
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
T1684.001 Impersonation Stealth
Adversaries may impersonate a trusted person or organization in order to persuade and trick a target into performing some action on their behalf.
T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
T1082 System Information Discovery Discovery
An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture.
T1083 File and Directory Discovery Discovery
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.
T1070.004 File Deletion Stealth
Adversaries may delete files left behind by the actions of their intrusion activity.
T1070.009 Clear Persistence Stealth
Adversaries may clear artifacts associated with previously established persistence on a host system to remove evidence of their activity.
T1125 Video Capture Collection
An adversary can leverage a computer's peripheral devices (e.
T1685 Disable or Modify Tools Defense Impairment
Adversaries may disable, degrade, or tamper with security tools or applications (e.
T1499 Endpoint Denial of Service Impact
Adversaries may perform Endpoint Denial of Service (DoS) attacks to degrade or block the availability of services to users.
Why these techniques?

Vulnerability enables unauthorized access via default/hardcoded credentials (T1078.001, T1552.001) and MAC spoofing impersonation (T1656), facilitating data collection from local system/video (T1005, T1082, T1083, T1125), file/persistence removal via deletion/factory reset (T1070.004, T1070.009), disabling recording/alerts (T1562.001), and battery drain DoS (T1499).

Affected Assets

gnetsystem
g-onx firmware
all versions

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-284

The access control policy and procedures directly mandate and enforce proper access control mechanisms across the organization.

addresses: CWE-284

Device lock enforces restricted access until re-authentication, directly reducing unauthorized use of active sessions.

addresses: CWE-284

Supervision and review of access control activities directly detects and remediates improper access configurations or usages.

addresses: CWE-284

Explicitly identifying and documenting actions permitted without identification or authentication enforces proper access control boundaries by defining justified exceptions.

addresses: CWE-284

By automatically labeling outputs with security attributes, the control supports attribute-based enforcement and reduces exploitability of improper access control weaknesses.

addresses: CWE-284

Associating and retaining security attributes with data directly supports enforcement of access control decisions across storage, processing, and transmission.

addresses: CWE-284

Requiring prior authorization for each remote access type prevents improper access control over remote connections.

addresses: CWE-284

Requiring authorization of wireless access before allowing connections enforces proper access control for this access method.

References