G-Net Dashcam BB GONX Device Pairing Bypass Vulnerability

A vulnerability exists in the G-Net Dashcam BB GONX model, allowing attackers to bypass the device pairing process. The dashcam relies solely on MAC address verification to recognize paired devices. By capturing the MAC address of an already-paired device through ARP scanning or similar methods, an attacker can spoof the MAC address and connect to the dashcam without completing the pairing process. This exploitation grants full access to the device's features.

Impact

Exploitation of this vulnerability allows unauthorized users to connect to the dashcam and gain complete access to its functionalities, potentially leading to unauthorized management of settings and access to recorded video footage.

Reproduction

To reproduce this vulnerability, first capture the MAC address of a paired device using ARP scanning. Once the MAC address is obtained, spoof it to impersonate the already-paired device. After spoofing the MAC address, connect to the dashcam, which will grant access without requiring the standard pairing process.