How severe is CVE-2025-30138?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.6 out of 10.

What type of vulnerability is CVE-2025-30138?

This is classified as CWE-284, which is a common weakness in software security.

CVE-2025-30138 - MEDIUM Severity | CVSS 4.6

Vulnerability Description

An issue was discovered on G-Net Dashcam BB GONX devices. Managing Settings and Obtaining Sensitive Data and Sabotaging Car Battery can be performed by unauthorized persons. It allows unauthorized users to modify critical system settings once connected to its network. Attackers can extract sensitive car and driver information, mute dashcam alerts to prevent detection, disable recording functionality, or even factory reset the device. Additionally, they can disable battery protection, causing the dashcam to drain the car battery when left on overnight. These actions not only compromise privacy but also pose potential physical harm by rendering the dashcam non-functional or causing vehicle battery failure.

Related Vulnerabilities

CVE-2015-8512

MEDIUM

CVSS:4.6(Medium)

The lockscreen feature in Mozilla Firefox OS before 2.5 does not properly restrict failed authentication attempts, which makes it easier for physically proximate attackers to obtain access by entering...

CWE-2842015

CVE-2016-4032

MEDIUM

CVSS:4.6(Medium)

Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I...

CWE-2842016

CVE-2016-6769

MEDIUM

CVSS:4.6(Medium)

An elevation of privilege vulnerability in Smart Lock could enable a local malicious user to access Smart Lock settings without a PIN. This issue is rated as Moderate because it first requires physica...

CWE-2842016

CVE-2022-25831

MEDIUM

CVSS:4.6(Medium)

Improper access control vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to access secured data in certain conditions.

CWE-2842022

CVE-2022-36851

MEDIUM

CVSS:4.6(Medium)

Improper access control vulnerability in Samsung pass prior to version 4.0.03.1 allow physical attackers to access data of Samsung pass on a certain state of an unlocked device.

CWE-2842022

CVE-2022-39900

MEDIUM

CVSS:4.6(Medium)

Improper access control vulnerability in Nice Catch prior to SMR Dec-2022 Release 1 allows physical attackers to access contents of all toast generated in the application installed in Secure Folder th...

CWE-2842022