Cyber Resilience

CVE-2025-30142

High

Published: 18 March 2025

Published
18 March 2025
Modified
01 July 2025
KEV Added
Patch
CVSS Score v3.1 8.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score 0.0002 6.7th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-30142 is a high-severity Authentication Bypass by Spoofing (CWE-290) vulnerability in Gnetsystem G-Onx Firmware. Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked at the 6.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-18 (Wireless Access) and IA-3 (Device Identification and Authentication).

Deeper analysis

CVE-2025-30142 is an authentication bypass vulnerability affecting G-Net Dashcam BB GONX devices. The flaw arises because the device relies solely on MAC address verification to recognize paired devices, enabling attackers to circumvent the pairing process entirely. By spoofing the MAC address of a legitimately paired device, unauthorized parties can gain access without authentication. The vulnerability has a CVSS v3.1 base score of 8.1 (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) and is associated with CWE-290 (Authentication Bypass by Spoofing).

Attackers within the adjacent network (AV:A) can exploit this issue with low complexity and no privileges required. The scenario involves capturing the MAC address of a paired device through ARP scanning or similar reconnaissance methods, followed by spoofing that address on the attacker's device. Successful exploitation grants full access to the dashcam, compromising confidentiality and integrity (high impact) without affecting availability.

Mitigation details are not specified in the CVE description. Security practitioners should consult the referenced resources, including the GitHub repository at https://github.com/geo-chen/GNET and the product page at https://www.gnetsystem.com/eng/product/list?viewMode=view&idx=246&ca_id=0201, for any vendor guidance, patches, or workarounds.

EU & UK References

Vulnerability details

An issue was discovered on G-Net Dashcam BB GONX devices. Bypassing of Device Pairing can occur. It uses MAC address verification as the sole mechanism for recognizing paired devices, allowing attackers to bypass authentication. By capturing the MAC address of…

more

an already-paired device through ARP scanning or other means, an attacker can spoof the MAC address and connect to the dashcam without going through the pairing process. This enables full access to the device.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
T1025 Data from Removable Media Collection
Adversaries may search connected removable media on computers they have compromised to find files of interest.
T1070.004 File Deletion Stealth
Adversaries may delete files left behind by the actions of their intrusion activity.
T1078.001 Default Accounts Stealth
Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
T1082 System Information Discovery Discovery
An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture.
T1083 File and Directory Discovery Discovery
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.
T1125 Video Capture Collection
An adversary can leverage a computer's peripheral devices (e.
T1552.001 Credentials In Files Credential Access
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.
T1684.001 Impersonation Stealth
Adversaries may impersonate a trusted person or organization in order to persuade and trick a target into performing some action on their behalf.
Why these techniques?

Vulnerabilities enable default/hardcoded credentials access (T1078.001, T1552.001), device impersonation via MAC spoofing (T1656), system/file discovery and data collection from local/removable storage/video (T1005, T1025, T1082, T1083, T1125), and file deletion/data destruction (T1070.004).

CVEs Like This One

CVE-2025-30139Same product: Gnetsystem G-Onx
CVE-2025-30141Same product: Gnetsystem G-Onx
CVE-2025-30140Same product: Gnetsystem G-Onx
CVE-2024-8273Shared CWE-290
CVE-2024-55925Shared CWE-290
CVE-2018-25317Shared CWE-290
CVE-2026-22734Shared CWE-290
CVE-2025-71056Shared CWE-290
CVE-2026-0834Shared CWE-290
CVE-2026-33131Shared CWE-290

Affected Assets

gnetsystem
g-onx firmware
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires systems to authenticate devices using mechanisms beyond spoofable MAC addresses, directly preventing authentication bypass via MAC spoofing during device pairing.

prevent

Mandates authorization and strong authentication for wireless access, countering the sole reliance on MAC verification for paired device recognition.

prevent

Ensures proper management of authenticators such as cryptographic keys or certificates for device identification, mitigating weak MAC-only authentication.

References