Cyber Resilience

CVE-2025-30140

High

Published: 18 March 2025

Modified: 01 July 2025
CVSS v3.1 Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0021 (44.0th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-30140 is a high-severity Improper Access Control (CWE-284) vulnerability in Gnetsystem G-Onx Firmware. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557). The CVE ranks at the 44.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SC-21 (Secure Name/Address Resolution Service (Recursive or Caching Resolver)).

Deeper analysis

CVE-2025-30140 is a vulnerability in G-Net Dashcam BB GONX devices where an unregistered public domain name is used as an internal domain name. This configuration creates a security risk because the domain was not originally owned by GNET, allowing an attacker to register it and potentially intercept sensitive device traffic. The issue has been categorized under CWE-284 (Improper Access Control) with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). The vulnerability was published on 2025-03-18.

The attack scenario involves a remote attacker with no required privileges or user interaction who registers the public domain name. If the dashcam or related services attempt to resolve this domain over the public Internet rather than locally, the attacker can achieve man-in-the-middle interception, leading to data exfiltration and high confidentiality impact.

References for the vulnerability include a GitHub repository at https://github.com/geo-chen/GNET maintained by the discoverer, who has since registered the domain, and the vendor product page at https://www.gnetsystem.com/eng/product/list?viewMode=view&idx=246&ca_id=0201. No specific patch or mitigation details from advisories are provided in the available information.

Vulnerability details

An issue was discovered on G-Net Dashcam BB GONX devices. A Public Domain name is Used for the Internal Domain Name. It uses an unregistered public domain name as an internal domain, creating a security risk. This domain was not owned by GNET originally, allowing an attacker to register it and potentially intercept sensitive device traffic (it has since been registered by the vulnerability discoverer). If the dashcam or related services attempt to resolve this domain over the public Internet instead of locally, it could lead to data exfiltration or man-in-the-middle attacks.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1557 Adversary-in-the-Middle Credential Access
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.
Why these techniques?

The vulnerability allows attackers to register an unregistered public domain used internally by the device, enabling adversary-in-the-middle attacks to intercept sensitive device traffic if resolved over the public internet.

CVEs Like This One

CVE-2025-30141 (Same product: Gnetsystem G-Onx)
CVE-2025-30139 (Same product: Gnetsystem G-Onx)
CVE-2025-30142 (Same product: Gnetsystem G-Onx)
CVE-2025-43233 (Shared CWE-284)
CVE-2026-32254 (Shared CWE-284)
CVE-2025-30132 (Shared CWE-284)
CVE-2024-35177 (Shared CWE-284)
CVE-2026-48898 (Shared CWE-284)
CVE-2025-29315 (Shared CWE-284)
CVE-2025-55261 (Shared CWE-284)

Affected Assets

gnetsystem
g-onx firmware
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

Prevent: SC-22 mandates architecture and provisioning for name/address resolution services that separate internal and external queries, preventing devices from resolving internal domains like the vulnerable public one over the public internet.

Prevent: SC-21 requires secure name/address resolution for recursive or caching resolvers, ensuring validation of responses and mitigating hijacked domain risks in devices such as the G-Net Dashcam.

Prevent: CM-6 enforces baseline configuration settings that prohibit the use of unregistered public domains for internal communications, directly addressing the misconfiguration in the G-Net Dashcam BB GONX.
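
One way to check an environment against the SC-22 and CM-6 points above, as an added example that is not from the advisory or the vendor: it classifies each name a device treats as internal as reserved, owned, or registrable by a third party, then lists resolver-log queries for at-risk names that left the internal resolvers. The inventory, the `client qname upstream` log format, the addresses and the placeholder domains are constructed assumptions; the page does not name the affected domain.

```python
# Special-use suffixes nobody can register publicly (RFC 2606/6761/6762/8375,
# plus "internal", reserved by ICANN for private use in 2024).
RESERVED = ("localhost", "local", "test", "invalid", "example", "home.arpa", "internal")

def in_zone(name, zone):
    """True if name is zone or a subdomain of it, compared on label boundaries."""
    name, zone = name.rstrip(".").lower(), zone.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)

def classify(name, owned_zones):
    # reserved = cannot be registered; owned = ours; at-risk = anyone may register it
    if any(in_zone(name, z) for z in RESERVED):
        return "reserved"
    if any(in_zone(name, z) for z in owned_zones):
        return "owned"
    return "at-risk"

def audit(internal_names, owned_zones, log_lines, internal_resolvers):
    """Return (verdict per name, queries for at-risk names sent outside internal DNS)."""
    verdicts = {n: classify(n, owned_zones) for n in internal_names}
    at_risk = [n for n, v in verdicts.items() if v == "at-risk"]
    leaks = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # malformed line: skip rather than guess
        client, qname, upstream = parts
        if upstream not in internal_resolvers and any(in_zone(qname, n) for n in at_risk):
            leaks.append((client, qname.rstrip(".").lower(), upstream))
    return verdicts, leaks

# Constructed inventory and log; every name and address is a placeholder.
INTERNAL_NAMES = [
    "cam.unowned-placeholder.net",        # public namespace, not ours
    "nvr.corp.internal",                  # reserved suffix
    "fleet.ourcompany-placeholder.com",   # inside a zone we own
    "notourcompany-placeholder.com",      # look-alike: must not match the owned zone
]
OWNED_ZONES = ["ourcompany-placeholder.com"]
INTERNAL_RESOLVERS = {"10.0.0.53"}
SAMPLE_LOG = [
    "10.0.0.21 cam.unowned-placeholder.net. 10.0.0.53",
    "10.0.0.21 api.cam.unowned-placeholder.net 192.0.2.53",
    "10.0.0.30 nvr.corp.internal 192.0.2.53",
    "10.0.0.21 CAM.Unowned-Placeholder.NET. 192.0.2.53",
    "truncated line",
]

if __name__ == "__main__":
    print(audit(INTERNAL_NAMES, OWNED_ZONES, SAMPLE_LOG, INTERNAL_RESOLVERS))
```

Names reported as at-risk are the ones to move under a reserved suffix or a zone the organisation controls; any leak rows show which clients already sent those queries to an external resolver.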
