G Onx Firmware
CVE-2025-30139
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
An issue was discovered on G-Net Dashcam BB GONX devices. Default credentials for SSID cannot be changed. It broadcasts a fixed SSID with default credentials that cannot be changed. This allows any nearby attacker to connect to the dashcam's network without restriction. Once connected, an attacker can sniff on connected devices such as the user's smartphone. The SSID is also always broadcasted.
AnalysisAI
An issue was discovered on G-Net Dashcam BB GONX devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Use of Default Credentials (CWE-1392), which allows attackers to gain access using factory-default usernames and passwords. An issue was discovered on G-Net Dashcam BB GONX devices. Default credentials for SSID cannot be changed. It broadcasts a fixed SSID with default credentials that cannot be changed. This allows any nearby attacker to connect to the dashcam's network without restriction. Once connected, an attacker can sniff on connected devices such as the user's smartphone. The SSID is also always broadcasted. Affected products include: Gnetsystem G-Onx Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Force credential change on first use, remove default accounts, document required credential changes.
More in G Onx Firmware
View allAn issue was discovered on G-Net Dashcam BB GONX devices. Rated high severity (CVSS 7.5), this vulnerability is remotely
An issue was discovered on G-Net Dashcam BB GONX devices. Rated high severity (CVSS 8.1), this vulnerability is no authe
An issue was discovered on G-Net Dashcam BB GONX devices. Rated high severity (CVSS 7.5), this vulnerability is remotely
An issue was discovered on G-Net Dashcam BB GONX devices. Rated medium severity (CVSS 4.6), this vulnerability is no aut
Same weakness CWE-1392 – Use of Default Credentials
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today