CVE-2025-30137

Name of the Vulnerable Software and Affected Versions G-Net GNET APK version 2.6.2

Description An issue was discovered in the GNET mobile application where hardcoded credentials exist for ports 9091 and 9092, providing unauthorized access to the dashcam's API endpoints. The credentials for port 9091 are admin and 000000, and for port 9092, they are admin and tibet. An attacker can send a crafted authentication command with TibetList and 000000 to list settings of the dashcam at port 9091.

Recommendations For G-Net GNET APK version 2.6.2, consider disabling access to ports 9091 and 9092 until a patch is available to remove the hardcoded credentials. Restrict access to the API endpoints on ports 9091 and 9092 to minimize the risk of exploitation. Avoid using the hardcoded credentials admin and 000000 for port 9091, and admin and tibet for port 9092, in the affected API endpoints until the issue is resolved.