FKIE_CVE-2025-30141

Vulnerability from fkie_nvd - Published: 2025-03-18 20:15 - Updated: 2025-07-01 21:04
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
An issue was discovered on G-Net Dashcam BB GONX devices. One can Remotely Dump Video Footage and the Live Video Stream. It exposes API endpoints on ports 9091 and 9092 that allow remote access to recorded and live video feeds. An attacker who connects to the dashcam's network can retrieve all stored recordings and convert them from JDR format to MP4. Additionally, port 9092's RTSP stream can be accessed remotely, allowing real-time video feeds to be extracted without the owner's knowledge.
References
cve@mitre.orghttps://github.com/geo-chen/GNETThird Party Advisory
cve@mitre.orghttps://www.gnetsystem.com/eng/product/list?viewMode=view&idx=246&ca_id=0201Product
Impacted products
Vendor Product Version
gnetsystem g-onx_firmware -
gnetsystem g-onx -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:gnetsystem:g-onx_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2120C516-F31B-406B-BC9A-4397D10EDDA3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:gnetsystem:g-onx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2E9038F-6802-4704-805F-FC76FD268CCE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered on G-Net Dashcam BB GONX devices. One can Remotely Dump Video Footage and the Live Video Stream. It exposes API endpoints on ports 9091 and 9092 that allow remote access to recorded and live video feeds. An attacker who connects to the dashcam\u0027s network can retrieve all stored recordings and convert them from JDR format to MP4. Additionally, port 9092\u0027s RTSP stream can be accessed remotely, allowing real-time video feeds to be extracted without the owner\u0027s knowledge."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en los dispositivos G-Net Dashcam BB GONX. Se pueden volcar de forma remota secuencias de v\u00eddeo y transmisiones de v\u00eddeo en directo. Esto expone los endpoints de la API en los puertos 9091 y 9092, lo que permite el acceso remoto a las transmisiones de v\u00eddeo grabadas y en directo. Un atacante que se conecta a la red de dashcam puede recuperar todas las grabaciones almacenadas y convertirlas del formato JDR a MP4. Adem\u00e1s, se puede acceder remotamente a la transmisi\u00f3n RTSP del puerto 9092, lo que permite extraer transmisiones de v\u00eddeo en tiempo real sin el conocimiento del propietario."
    }
  ],
  "id": "CVE-2025-30141",
  "lastModified": "2025-07-01T21:04:38.610",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-03-18T20:15:26.693",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/geo-chen/GNET"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "https://www.gnetsystem.com/eng/product/list?viewMode=view\u0026idx=246\u0026ca_id=0201"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.