Cyber Posture

CVE-2025-30142

High

Published: 18 March 2025

Published
18 March 2025
Modified
01 July 2025
KEV Added
Patch
CVSS Score 8.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score 0.0002 6.5th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-30142 is a high-severity Authentication Bypass by Spoofing (CWE-290) vulnerability in Gnetsystem G-Onx Firmware. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked at the 6.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-18 (Wireless Access) and IA-3 (Device Identification and Authentication).

Threat & Defense at a Glance

What attackers do: exploitation maps to Data from Local System (T1005) and 8 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

IA-3 Device Identification and Authentication good match
prevent

Requires systems to authenticate devices using mechanisms beyond spoofable MAC addresses, directly preventing authentication bypass via MAC spoofing during device pairing.

AC-18 Wireless Access good match
prevent

Mandates authorization and strong authentication for wireless access, countering the sole reliance on MAC verification for paired device recognition.

IA-5 Authenticator Management partial match
prevent

Ensures proper management of authenticators such as cryptographic keys or certificates for device identification, mitigating weak MAC-only authentication.

MITRE ATT&CK Enterprise TechniquesAI

T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
attack.mitre.org →
T1025 Data from Removable Media Collection
Adversaries may search connected removable media on computers they have compromised to find files of interest.
attack.mitre.org →
T1070.004 File Deletion Stealth
Adversaries may delete files left behind by the actions of their intrusion activity.
attack.mitre.org →
T1078.001 Default Accounts Stealth
Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
attack.mitre.org →
T1082 System Information Discovery Discovery
An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture.
attack.mitre.org →
T1083 File and Directory Discovery Discovery
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.
attack.mitre.org →
T1125 Video Capture Collection
An adversary can leverage a computer's peripheral devices (e.
attack.mitre.org →
T1552.001 Credentials In Files Credential Access
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
attack.mitre.org →
T1684.001 Impersonation Stealth
Adversaries may impersonate a trusted person or organization in order to persuade and trick a target into performing some action on their behalf.
attack.mitre.org →
Why these techniques?

Vulnerabilities enable default/hardcoded credentials access (T1078.001, T1552.001), device impersonation via MAC spoofing (T1656), system/file discovery and data collection from local/removable storage/video (T1005, T1025, T1082, T1083, T1125), and file deletion/data destruction (T1070.004).

NVD Description

An issue was discovered on G-Net Dashcam BB GONX devices. Bypassing of Device Pairing can occur. It uses MAC address verification as the sole mechanism for recognizing paired devices, allowing attackers to bypass authentication. By capturing the MAC address of…

more

an already-paired device through ARP scanning or other means, an attacker can spoof the MAC address and connect to the dashcam without going through the pairing process. This enables full access to the device.

Deeper analysisAI

CVE-2025-30142 is an authentication bypass vulnerability affecting G-Net Dashcam BB GONX devices. The flaw arises because the device relies solely on MAC address verification to recognize paired devices, enabling attackers to circumvent the pairing process entirely. By spoofing the MAC address of a legitimately paired device, unauthorized parties can gain access without authentication. The vulnerability has a CVSS v3.1 base score of 8.1 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) and is associated with CWE-290 (Authentication Bypass by Spoofing).

Attackers within the adjacent network (AV:A) can exploit this issue with low complexity and no privileges required. The scenario involves capturing the MAC address of a paired device through ARP scanning or similar reconnaissance methods, followed by spoofing that address on the attacker's device. Successful exploitation grants full access to the dashcam, compromising confidentiality and integrity (high impact) without affecting availability.

Mitigation details are not specified in the CVE description. Security practitioners should consult the referenced resources, including the GitHub repository at https://github.com/geo-chen/GNET and the product page at https://www.gnetsystem.com/eng/product/list?viewMode=view&idx=246&ca_id=0201, for any vendor guidance, patches, or workarounds.

Details

CWE(s)
CWE-290

Affected Products

gnetsystem
g-onx firmware
all versions

CVEs Like This One

CVE-2025-30139Same product: Gnetsystem G-Onx
CVE-2025-30141Same product: Gnetsystem G-Onx
CVE-2025-30140Same product: Gnetsystem G-Onx
CVE-2024-8273Shared CWE-290
CVE-2025-59707Shared CWE-290
CVE-2026-33661Shared CWE-290
CVE-2026-34457Shared CWE-290
CVE-2025-62235Shared CWE-290
CVE-2025-8853Shared CWE-290
CVE-2026-2800Shared CWE-290

References