EUVD-2025-6708

Malicious code in bioql PyPI...

EUVD-2025-6709

Malicious code in bioql PyPI...

EUVD-2025-6712

Malicious code in bioql PyPI...

EUVD-2025-6707

Malicious code in bioql PyPI...

EUVD-2025-6710

Malicious code in bioql PyPI...

CVE-2025-30137

An issue was discovered in the G-Net GNET APK 2.6.2. Hardcoded credentials exist in in APK for ports 9091 and 9092. The GNET mobile application contains hardcoded credentials that provide unauthorized access to the dashcam's API endpoints on ports 9091 and 9092. Once the GNET SSID is connected to...

CVE-2025-30142

An issue was discovered on G-Net Dashcam BB GONX devices. Bypassing of Device Pairing can occur. It uses MAC address verification as the sole mechanism for recognizing paired devices, allowing attackers to bypass authentication. By capturing the MAC address of an already-paired device through ARP...

CVE-2025-30139

An issue was discovered on G-Net Dashcam BB GONX devices. Default credentials for SSID cannot be changed. It broadcasts a fixed SSID with default credentials that cannot be changed. This allows any nearby attacker to connect to the dashcam's network without restriction. Once connected, an attacke...

CVE-2025-30140

An issue was discovered on G-Net Dashcam BB GONX devices. A Public Domain name is Used for the Internal Domain Name. It uses an unregistered public domain name as an internal domain, creating a security risk. This domain was not owned by GNET originally, allowing an attacker to register it and...

CVE-2025-30141

An issue was discovered on G-Net Dashcam BB GONX devices. One can Remotely Dump Video Footage and the Live Video Stream. It exposes API endpoints on ports 9091 and 9092 that allow remote access to recorded and live video feeds. An attacker who connects to the dashcam's network can retrieve all...

CVE-2025-30138

An issue was discovered on G-Net Dashcam BB GONX devices. Managing Settings and Obtaining Sensitive Data and Sabotaging Car Battery can be performed by unauthorized persons. It allows unauthorized users to modify critical system settings once connected to its network. Attackers can extract...

CVE-2025-30140

An issue was discovered on G-Net Dashcam BB GONX devices. A Public Domain name is Used for the Internal Domain Name. It uses an unregistered public domain name as an internal domain, creating a security risk. This domain was not owned by GNET originally, allowing an attacker to register it and...

CVE-2025-30139

An issue was discovered on G-Net Dashcam BB GONX devices. Default credentials for SSID cannot be changed. It broadcasts a fixed SSID with default credentials that cannot be changed. This allows any nearby attacker to connect to the dashcam's network without restriction. Once connected, an attacke...

CVE-2025-30138

An issue was discovered on G-Net Dashcam BB GONX devices. Managing Settings and Obtaining Sensitive Data and Sabotaging Car Battery can be performed by unauthorized persons. It allows unauthorized users to modify critical system settings once connected to its network. Attackers can extract...

CVE-2025-30142

An issue was discovered on G-Net Dashcam BB GONX devices. Bypassing of Device Pairing can occur. It uses MAC address verification as the sole mechanism for recognizing paired devices, allowing attackers to bypass authentication. By capturing the MAC address of an already-paired device through ARP...

CVE-2025-30141

An issue was discovered on G-Net Dashcam BB GONX devices. One can Remotely Dump Video Footage and the Live Video Stream. It exposes API endpoints on ports 9091 and 9092 that allow remote access to recorded and live video feeds. An attacker who connects to the dashcam's network can retrieve all...

CVE-2025-30137

An issue was discovered in the G-Net GNET APK 2.6.2. Hardcoded credentials exist in in APK for ports 9091 and 9092. The GNET mobile application contains hardcoded credentials that provide unauthorized access to the dashcam's API endpoints on ports 9091 and 9092. Once the GNET SSID is connected to...

CVE-2025-30139

The CVE-2025-30139 entry concerns G-Net Dashcam BB GONX devices where the SSID credentials are fixed and cannot be changed. The vulnerability arises from default credentials being inseparable from the SSID itself, and the device continuously broadcasts a fixed SSID, allowing nearby attackers to j...

CVE-2025-30138

The CVE-2025-30138 issue affects G-Net Dashcam BB GONX devices, allowing unauthorized users on the local network to modify critical settings, extract sensitive car/driver data, mute alerts, disable recording, perform a factory reset, and disable battery protection, which can drain the vehicle bat...

PT-2025-11646 · Unknown · G-Net Dashcam Bb Gonx

Name of the Vulnerable Software and Affected Versions: G-Net Dashcam BB GONX devices affected versions not specified Description: The issue concerns the use of an unregistered public domain name as an internal domain, posing a security risk. This allows an attacker to potentially register the...