CVE-2025-30140

{"id": "CVE-2025-30140", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-03-18T21:15:32.880", "references": [{"url": "https://github.com/geo-chen/GNET", "source": "cve@mitre.org"}, {"url": "https://www.gnetsystem.com/eng/product/list?viewMode=view&idx=246&ca_id=0201", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on G-Net Dashcam BB GONX devices. A Public Domain name is Used for the Internal Domain Name. It uses an unregistered public domain name as an internal domain, creating a security risk. This domain was not owned by GNET originally, allowing an attacker to register it and potentially intercept sensitive device traffic (it has since been registered by the vulnerability discoverer). If the dashcam or related services attempt to resolve this domain over the public Internet instead of locally, it could lead to data exfiltration or man-in-the-middle attacks."}, {"lang": "es", "value": "Se detect\u00f3 un problema en los dispositivos G-Net Dashcam BB GONX. Se utiliza un nombre de dominio p\u00fablico para el nombre de dominio interno. Este utiliza un nombre de dominio p\u00fablico no registrado como dominio interno, lo que supone un riesgo de seguridad. Este dominio no era propiedad de GNET originalmente, lo que permite a un atacante registrarlo y potencialmente interceptar el tr\u00e1fico confidencial del dispositivo (ya ha sido registrado por el descubridor de la vulnerabilidad). Si la dashcam o los servicios relacionados intentan resolver este dominio a trav\u00e9s de la red p\u00fablica de Internet en lugar de localmente, podr\u00eda provocar una exfiltraci\u00f3n de datos o ataques de intermediario."}], "lastModified": "2025-03-25T16:15:26.790", "sourceIdentifier": "cve@mitre.org"}