9.8

CVE-2025-30139

EPSS 0.15%
Veröffentlicht 18.03.2025 00:00:00
Zuletzt bearbeitet 01.07.2025 21:04:40
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered on G-Net Dashcam BB GONX devices. Default credentials for SSID cannot be changed. It broadcasts a fixed SSID with default credentials that cannot be changed. This allows any nearby attacker to connect to the dashcam's network without restriction. Once connected, an attacker can sniff on connected devices such as the user's smartphone. The SSID is also always broadcasted.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gnetsystem ≫ G-onx Firmware Version-

Gnetsystem ≫ G-onx Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.15%	0.357

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-1392 Use of Default Credentials

The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.

https://www.gnetsystem.com/eng/product/list?viewMode=view&idx=246&ca_id=0201

Product

https://github.com/geo-chen/GNET

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-30139

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-30139

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-30139

EUVD