CVE-2025-30140
Published: 18 March 2025
Summary
CVE-2025-30140 is a high-severity Improper Access Control (CWE-284) vulnerability in Gnetsystem G-Onx Firmware. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557); ranked at the 43.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SC-21 (Secure Name/Address Resolution Service (Recursive or Caching Resolver)).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SC-22 mandates architecture and provisioning for name/address resolution services that separate internal and external queries, preventing devices from resolving internal domains like the vulnerable public one over the public internet.
SC-21 requires secure name/address resolution for recursive or caching resolvers, ensuring validation of responses and mitigating hijacked domain risks in devices such as the G-Net Dashcam.
CM-6 enforces baseline configuration settings that prohibit the use of unregistered public domains for internal communications, directly addressing the misconfiguration in the G-Net Dashcam BB GONX.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability allows attackers to register an unregistered public domain used internally by the device, enabling adversary-in-the-middle attacks to intercept sensitive device traffic if resolved over the public internet.
NVD Description
An issue was discovered on G-Net Dashcam BB GONX devices. A Public Domain name is Used for the Internal Domain Name. It uses an unregistered public domain name as an internal domain, creating a security risk. This domain was not…
more
owned by GNET originally, allowing an attacker to register it and potentially intercept sensitive device traffic (it has since been registered by the vulnerability discoverer). If the dashcam or related services attempt to resolve this domain over the public Internet instead of locally, it could lead to data exfiltration or man-in-the-middle attacks.
Deeper analysisAI
CVE-2025-30140 is a vulnerability in G-Net Dashcam BB GONX devices where an unregistered public domain name is used as an internal domain name. This configuration creates a security risk because the domain was not originally owned by GNET, allowing an attacker to register it and potentially intercept sensitive device traffic. The issue has been categorized under CWE-284 (Improper Access Control) with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). The vulnerability was published on 2025-03-18.
The attack scenario involves a remote attacker with no required privileges or user interaction who registers the public domain name. If the dashcam or related services attempt to resolve this domain over the public Internet rather than locally, the attacker can achieve man-in-the-middle interception, leading to data exfiltration and high confidentiality impact.
References for the vulnerability include a GitHub repository at https://github.com/geo-chen/GNET maintained by the discoverer, who has since registered the domain, and the vendor product page at https://www.gnetsystem.com/eng/product/list?viewMode=view&idx=246&ca_id=0201. No specific patch or mitigation details from advisories are provided in the available information.
Details
- CWE(s)