Cyber Posture

CVE-2025-30141

High

Published: 18 March 2025

Published
18 March 2025
Modified
01 July 2025
KEV Added
Patch
CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.0025 48.5th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-30141 is a high-severity Improper Access Control (CWE-284) vulnerability in Gnetsystem G-Onx Firmware. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked at the 48.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-9 (Service Identification and Authentication).

Threat & Defense at a Glance

What attackers do: exploitation maps to Data from Local System (T1005) and 3 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-3 Access Enforcement good match
prevent

Enforces approved authorizations for access to API endpoints on ports 9091 and 9092, preventing unauthorized retrieval of video footage and live streams.

SC-41 Port and I/O Device Access good match
prevent

Restricts use of vulnerable ports 9091 and 9092, blocking remote network access to the dashcam's recorded and live video feeds.

IA-9 Service Identification and Authentication good match
prevent

Requires identification and authentication for exposed system services like the video API and RTSP stream, mitigating unauthenticated exploitation.

MITRE ATT&CK Enterprise TechniquesAI

T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
attack.mitre.org →
T1025 Data from Removable Media Collection
Adversaries may search connected removable media on computers they have compromised to find files of interest.
attack.mitre.org →
T1083 File and Directory Discovery Discovery
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.
attack.mitre.org →
T1125 Video Capture Collection
An adversary can leverage a computer's peripheral devices (e.
attack.mitre.org →
Why these techniques?

Exposed API endpoints on ports 9091/9092 enable remote file/directory listing and dumping of stored video footage from the local SD card (T1083, T1005, T1025) and access to live RTSP video stream (T1125).

NVD Description

An issue was discovered on G-Net Dashcam BB GONX devices. One can Remotely Dump Video Footage and the Live Video Stream. It exposes API endpoints on ports 9091 and 9092 that allow remote access to recorded and live video feeds.…

more

An attacker who connects to the dashcam's network can retrieve all stored recordings and convert them from JDR format to MP4. Additionally, port 9092's RTSP stream can be accessed remotely, allowing real-time video feeds to be extracted without the owner's knowledge.

Deeper analysisAI

CVE-2025-30141 is a vulnerability in G-Net Dashcam BB GONX devices that exposes API endpoints on ports 9091 and 9092, enabling remote access to recorded video footage and live video streams. Attackers can retrieve all stored recordings in JDR format and convert them to MP4, while port 9092 provides an RTSP stream for real-time video extraction without the owner's knowledge. The issue, published on 2025-03-18, carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and maps to CWE-284 (Improper Access Control).

An attacker with network access to the dashcam can exploit this vulnerability without authentication or user interaction. Exploitation allows complete dumping of historical video recordings and unauthorized viewing of live feeds, resulting in high confidentiality impact on potentially sensitive footage from the device.

References point to a GitHub repository at https://github.com/geo-chen/GNET, which demonstrates the issue, and the vendor product page at https://www.gnetsystem.com/eng/product/list?viewMode=view&idx=246&ca_id=0201. No advisories or patches detailing mitigation steps are specified in the available information.

Details

CWE(s)
CWE-284

Affected Products

gnetsystem
g-onx firmware
all versions

CVEs Like This One

CVE-2025-30140Same product: Gnetsystem G-Onx
CVE-2025-30142Same product: Gnetsystem G-Onx
CVE-2025-30139Same product: Gnetsystem G-Onx
CVE-2026-0977Shared CWE-284
CVE-2026-28876Shared CWE-284
CVE-2025-24229Shared CWE-284
CVE-2026-28855Shared CWE-284
CVE-2026-28837Shared CWE-284
CVE-2024-55019Shared CWE-284
CVE-2026-35231Shared CWE-284

References