Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
42 vulnerabilities by geovision
CVE-2026-7161 (GCVE-0-2026-7161)
Vulnerability from nvd – Published: 2026-05-04 00:39 – Updated: 2026-06-15 19:19
VLAI
Title
GeoVision GV-IP Device Utility Device Authentication insufficient encryption vulnerability
Summary
An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability.
When interacting with various Geovision devices on the network, the utility may send privileged commands; in order to do so, the username and password of the device need to be provided. In some instances the command is broadcasted over UDP and the username/password are encrypted using a cryptographic protocol that appears to be derivated from Blowfish. However the symmetric key used for the encryption is also included in the packet, and thus the security of the username/password only relies on the "obscurity" of the encryption scheme. An attacker on the same LAN can listen to the broadcast traffic once an admin user interacts with the device, and decrypt the credentials using their own implementation of the algorithm. With this password the attacker would have full control over the device configuration, allowing them to change its ip address or even reset it to factory default.
Severity
9.3 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-656 - - Reliance on Security Through Obscurity
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.geovision.com.tw/cyber_security.php | vendor-advisory |
| https://talosintelligence.com/vulnerability_reports/ | third-party-advisory |
| https://www.talosintelligence.com/vulnerability_r… |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| GeoVision Inc. | GV-IP Device Utility |
Affected:
9.0.5.0
Unaffected: 9.0.7.0 |
Date Public
2026-04-27 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7161",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-05T03:56:17.236234Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T12:42:38.217Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-06-15T19:19:08.041Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2322"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "GV-IP Device Utility",
"vendor": "GeoVision Inc.",
"versions": [
{
"status": "affected",
"version": "9.0.5.0"
},
{
"status": "unaffected",
"version": "9.0.7.0"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:geovision_inc.:gv-ip_device_utility:9.0.5.0:*:windows:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:geovision_inc.:gv-ip_device_utility:9.0.7.0:*:windows:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Philippe Laulheret of Cisco Talos."
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Kelly Patterson of Cisco Talos."
},
{
"lang": "en",
"type": "coordinator",
"value": "Martin Zeiser of Cisco Talos."
}
],
"datePublic": "2026-04-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability.\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eWhen interacting with various Geovision devices on the network, the utility may send privileged commands; in order to do so, the username and password of the device need to be provided. In some instances the command is broadcasted over UDP and the username/password are encrypted using a cryptographic protocol that appears to be derivated from Blowfish. However the symmetric key used for the encryption is also included in the packet, and thus the security of the username/password only relies on the \"obscurity\" of the encryption scheme. An attacker on the same LAN can listen to the broadcast traffic once an admin user interacts with the device, and decrypt the credentials using their own implementation of the algorithm. With this password the attacker would have full control over the device configuration, allowing them to change its ip address or even reset it to factory default.\u003c/div\u003e"
}
],
"value": "An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability.\n\n\nWhen interacting with various Geovision devices on the network, the utility may send privileged commands; in order to do so, the username and password of the device need to be provided. In some instances the command is broadcasted over UDP and the username/password are encrypted using a cryptographic protocol that appears to be derivated from Blowfish. However the symmetric key used for the encryption is also included in the packet, and thus the security of the username/password only relies on the \"obscurity\" of the encryption scheme. An attacker on the same LAN can listen to the broadcast traffic once an admin user interacts with the device, and decrypt the credentials using their own implementation of the algorithm. With this password the attacker would have full control over the device configuration, allowing them to change its ip address or even reset it to factory default."
}
],
"impacts": [
{
"capecId": "CAPEC-158",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-158 Sniffing Network Traffic"
}
]
},
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-656",
"description": "CWE-656 - Reliance on Security Through Obscurity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T00:39:39.188Z",
"orgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
"shortName": "GV"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.geovision.com.tw/cyber_security.php"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "GeoVision GV-IP Device Utility Device version 9.0.7.0 has patched reported vulnerability.\u0026nbsp;\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eUser is recommended to update to version 9.0.7.0 from GeoVision\u0027s offical website\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e(https://www.geovision.com.tw/download/product/GV-VMS%20V20)\u003c/div\u003e\u003cdiv\u003eor contact GeoVision Support team\u003c/div\u003e"
}
],
"value": "GeoVision GV-IP Device Utility Device version 9.0.7.0 has patched reported vulnerability.\u00a0\n\n\nUser is recommended to update to version 9.0.7.0 from GeoVision\u0027s offical website\u00a0\n\n(https://www.geovision.com.tw/download/product/GV-VMS%20V20)\n\nor contact GeoVision Support team"
}
],
"source": {
"advisory": "TALOS-2025-2322",
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2026-02-17T00:16:00.000Z",
"value": "Initial Vendor Contact"
}
],
"title": "GeoVision GV-IP Device Utility Device Authentication insufficient encryption vulnerability",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
"assignerShortName": "GV",
"cveId": "CVE-2026-7161",
"datePublished": "2026-05-04T00:39:39.188Z",
"dateReserved": "2026-04-27T00:00:42.121Z",
"dateUpdated": "2026-06-15T19:19:08.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4606 (GCVE-0-2026-4606)
Vulnerability from nvd – Published: 2026-03-23 01:05 – Updated: 2026-03-24 03:56
VLAI
Title
GeoVision ERM Improper Privilege Assignment Leads to SYSTEM-Level Privilege
Summary
GV Edge Recording Manager (ERM) v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system.
During installation, ERM creates a Windows service that runs under the LocalSystem account.
When the ERM application is launched, related processes are spawned under SYSTEM privileges rather than the security context of the logged-in user.
Functions such as 'Import Data' open a Windows file dialog operating with SYSTEM permissions, enabling modification or deletion of protected system files and directories.
Any ERM function invoking Windows file open/save dialogs exposes the same risk.
This vulnerability allows local privilege escalation and may result in full system compromise.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-250 - Execution with unnecessary privileges
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| GeoVision | GV-Edge Recording Manager |
Affected:
2.3.1
Unaffected: 2.3.2 |
Date Public
2026-03-23 01:15
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4606",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-23T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-24T03:56:02.798Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.geovision.com.tw/download/product/GV%E2%80%90Edge%20Recording%20Manager%20(Windows%20Version)",
"defaultStatus": "unaffected",
"packageName": "GV-Edge Recording Manager",
"platforms": [
"Windows"
],
"product": "GV-Edge Recording Manager",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "unaffected",
"version": "2.3.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Reported by security researcher Chao Liu (chaoliu@rbbusa.com)"
}
],
"datePublic": "2026-03-23T01:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eGV Edge Recording Manager (ERM) v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system.\u0026nbsp;\u003c/p\u003e\u003cp\u003eDuring installation, ERM creates a Windows service that runs under the LocalSystem account.\u0026nbsp;\u003c/p\u003e\u003cp\u003eWhen the ERM application is launched, related processes are spawned under SYSTEM privileges rather than the security context of the logged-in user.\u0026nbsp;\u003c/p\u003e\u003cp\u003eFunctions such as \u0027Import Data\u0027 open a Windows file dialog operating with SYSTEM permissions, enabling modification or deletion of protected system files and directories.\u0026nbsp;\u003c/p\u003e\u003cp\u003eAny ERM function invoking Windows file open/save dialogs exposes the same risk.\u0026nbsp;\u003c/p\u003e\u003cp\u003eThis vulnerability allows local privilege escalation and may result in full system compromise.\u003c/p\u003e"
}
],
"value": "GV Edge Recording Manager (ERM) v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system.\u00a0\n\nDuring installation, ERM creates a Windows service that runs under the LocalSystem account.\u00a0\n\nWhen the ERM application is launched, related processes are spawned under SYSTEM privileges rather than the security context of the logged-in user.\u00a0\n\nFunctions such as \u0027Import Data\u0027 open a Windows file dialog operating with SYSTEM permissions, enabling modification or deletion of protected system files and directories.\u00a0\n\nAny ERM function invoking Windows file open/save dialogs exposes the same risk.\u00a0\n\nThis vulnerability allows local privilege escalation and may result in full system compromise."
}
],
"impacts": [
{
"capecId": "CAPEC-113",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-113 Interface Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "IRRECOVERABLE",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:N/R:I/V:C/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with unnecessary privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-23T01:15:18.367Z",
"orgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
"shortName": "GV"
},
"references": [
{
"url": "https://https://www.geovision.com.tw/cyber_security.php"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "GeoVision ERM Improper Privilege Assignment Leads to SYSTEM-Level Privilege",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
"assignerShortName": "GV",
"cveId": "CVE-2026-4606",
"datePublished": "2026-03-23T01:05:31.952Z",
"dateReserved": "2026-03-23T00:46:43.918Z",
"dateUpdated": "2026-03-24T03:56:02.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47795 (GCVE-0-2021-47795)
Vulnerability from nvd – Published: 2026-01-15 23:25 – Updated: 2026-04-07 14:06
VLAI
KEVIntel
Title
GeoVision Geowebserver 5.3.3 - Local FIle Inclusion
Summary
GeoVision GeoWebServer 5.3.3 contains multiple vulnerabilities including local file inclusion, cross-site scripting, and remote code execution through improper input sanitization. Attackers can exploit the WebStrings.srf endpoint by manipulating path traversal and injection parameters to access system files and execute malicious scripts.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/50211 | exploit |
| https://www.geovision.com.tw/cyber_security.php | product |
| https://www.vulncheck.com/advisories/geovision-ge… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Geovision | GeoVision Geowebserver |
Affected:
<= 5.3.3
|
Date Public
2021-08-17 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47795",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-16T16:07:12.459055Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T16:07:18.918Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "GeoVision Geowebserver",
"vendor": "Geovision",
"versions": [
{
"status": "affected",
"version": "\u003c= 5.3.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ken \u0027s1ngular1ty\u0027 Pyle"
}
],
"datePublic": "2021-08-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GeoVision GeoWebServer 5.3.3 contains multiple vulnerabilities including local file inclusion, cross-site scripting, and remote code execution through improper input sanitization. Attackers can exploit the WebStrings.srf endpoint by manipulating path traversal and injection parameters to access system files and execute malicious scripts."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T14:06:12.212Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-50211",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/50211"
},
{
"name": "GeoVision Cyber Security Page",
"tags": [
"product"
],
"url": "https://www.geovision.com.tw/cyber_security.php"
},
{
"name": "VulnCheck Advisory: GeoVision Geowebserver 5.3.3 - Local FIle Inclusion",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/geovision-geowebserver-local-file-inclusion"
}
],
"title": "GeoVision Geowebserver 5.3.3 - Local FIle Inclusion",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-47795",
"datePublished": "2026-01-15T23:25:44.158Z",
"dateReserved": "2026-01-14T14:39:44.739Z",
"dateUpdated": "2026-04-07T14:06:12.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-12553 (GCVE-0-2024-12553)
Vulnerability from nvd – Published: 2024-12-13 22:34 – Updated: 2024-12-16 17:55
VLAI
Title
GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability
Summary
GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of GeoVision GV-ASManager. Although authentication is required to exploit this vulnerability, default guest credentials may be used.
The specific flaw exists within the GV-ASWeb service. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-25394.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| GeoVision | GV-ASManager |
Affected:
6.1.0
|
Date Public
2024-12-12 19:31
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12553",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-16T17:55:15.097729Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-16T17:55:27.880Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "GV-ASManager",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "6.1.0"
}
]
}
],
"dateAssigned": "2024-12-11T21:53:45.854Z",
"datePublic": "2024-12-12T19:31:55.073Z",
"descriptions": [
{
"lang": "en",
"value": "GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of GeoVision GV-ASManager. Although authentication is required to exploit this vulnerability, default guest credentials may be used.\n\nThe specific flaw exists within the GV-ASWeb service. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-25394."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-13T22:34:23.601Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1682",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1682/"
}
],
"source": {
"lang": "en",
"value": "Angela"
},
"title": "GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-12553",
"datePublished": "2024-12-13T22:34:23.601Z",
"dateReserved": "2024-12-11T21:53:45.864Z",
"dateUpdated": "2024-12-16T17:55:27.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46070 (GCVE-0-2022-46070)
Vulnerability from nvd – Published: 2024-03-11 00:00 – Updated: 2025-04-16 15:48
VLAI
Summary
GV-ASManager V6.0.1.0 contains a Local File Inclusion vulnerability in GeoWebServer via Path.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| gv_asmanager | gv_asmanager |
Affected:
v6.0.1.0
cpe:2.3:a:gv_asmanager:gv_asmanager:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:gv_asmanager:gv_asmanager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gv_asmanager",
"vendor": "gv_asmanager",
"versions": [
{
"status": "affected",
"version": "v6.0.1.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-46070",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-12T17:26:49.618903Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T15:48:41.105Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:24:03.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://s3.amazonaws.com/geovision_downloads/TechNotice/CyberSecurity/Security_Advistory_ASManager-ASM-2022-11.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GV-ASManager V6.0.1.0 contains a Local File Inclusion vulnerability in GeoWebServer via Path."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-11T21:36:58.997Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://s3.amazonaws.com/geovision_downloads/TechNotice/CyberSecurity/Security_Advistory_ASManager-ASM-2022-11.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-46070",
"datePublished": "2024-03-11T00:00:00.000Z",
"dateReserved": "2022-11-28T00:00:00.000Z",
"dateUpdated": "2025-04-16T15:48:41.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-23059 (GCVE-0-2023-23059)
Vulnerability from nvd – Published: 2023-05-04 00:00 – Updated: 2025-01-29 20:54
VLAI
Summary
An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 for windows, which contains improper permissions within the default installation and allows attackers to execute arbitrary code and gain escalated privileges.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-276 - Incorrect Default Permissions
Assigner
References
3 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:28:39.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://geovision.com"
},
{
"tags": [
"x_transferred"
],
"url": "http://gv-edge.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/172141/GV-Edge-Recording-Manager-2.2.3.0-Privilege-Escalation.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-23059",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T20:53:53.403632Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-29T20:54:00.590Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 for windows, which contains improper permissions within the default installation and allows attackers to execute arbitrary code and gain escalated privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-04T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://geovision.com"
},
{
"url": "http://gv-edge.com"
},
{
"url": "https://packetstormsecurity.com/files/172141/GV-Edge-Recording-Manager-2.2.3.0-Privilege-Escalation.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-23059",
"datePublished": "2023-05-04T00:00:00.000Z",
"dateReserved": "2023-01-11T00:00:00.000Z",
"dateUpdated": "2025-01-29T20:54:00.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3931 (GCVE-0-2020-3931)
Vulnerability from nvd – Published: 2020-07-08 10:05 – Updated: 2024-09-16 17:23
VLAI
Title
GeoVision Door Access Control Device - Buffer overflow vulnerability
Summary
Buffer overflow exists in Geovision Door Access Control device family, an unauthenticated remote attacker can execute arbitrary command.
Severity
9.8 (Critical)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-3754-b77d0-1.html | x_refsource_MISC |
| https://www.acronis.com/en-us/blog/posts/backdoor… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| GeoVision | Door Access Control Device |
Affected:
GV-AS210 , ≤ 2.21
(custom)
Affected: GV-AS410 , ≤ 2.21 (custom) Affected: GV-AS810 , ≤ 2.21 (custom) Affected: GV-GF192x , ≤ 1.10 (custom) Affected: GV-AS1010 , ≤ 1.32 (custom) |
Date Public
2020-07-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3754-b77d0-1.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.acronis.com/en-us/blog/posts/backdoor-wide-open-critical-vulnerabilities-uncovered-geovision"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Door Access Control Device",
"vendor": "GeoVision",
"versions": [
{
"lessThanOrEqual": "2.21",
"status": "affected",
"version": "GV-AS210",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.21",
"status": "affected",
"version": "GV-AS410",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.21",
"status": "affected",
"version": "GV-AS810",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.10",
"status": "affected",
"version": "GV-GF192x",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.32",
"status": "affected",
"version": "GV-AS1010",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-07-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow exists in Geovision Door Access Control device family, an unauthenticated remote attacker can execute arbitrary command."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-08T10:05:20.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3754-b77d0-1.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.acronis.com/en-us/blog/posts/backdoor-wide-open-critical-vulnerabilities-uncovered-geovision"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 2.22 in GV-AS210, \nUpdate to version 2.22 in GV-AS410, \nUpdate to version 2.22 in GV-AS810,\nUpdate to version 1.22 in GV-GF192x, \nUpdate to version 1.33 in GV-AS1010"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GeoVision Door Access Control Device - Buffer overflow vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-07-08T10:00:00.000Z",
"ID": "CVE-2020-3931",
"STATE": "PUBLIC",
"TITLE": "GeoVision Door Access Control Device - Buffer overflow vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Door Access Control Device",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "GV-AS210",
"version_value": "2.21"
},
{
"version_affected": "\u003c=",
"version_name": "GV-AS410",
"version_value": "2.21"
},
{
"version_affected": "\u003c=",
"version_name": "GV-AS810",
"version_value": "2.21"
},
{
"version_affected": "\u003c=",
"version_name": "GV-GF192x",
"version_value": "1.10"
},
{
"version_affected": "\u003c=",
"version_name": "GV-AS1010",
"version_value": "1.32"
}
]
}
}
]
},
"vendor_name": "GeoVision"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow exists in Geovision Door Access Control device family, an unauthenticated remote attacker can execute arbitrary command."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-3754-b77d0-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-3754-b77d0-1.html"
},
{
"name": "https://www.acronis.com/en-us/blog/posts/backdoor-wide-open-critical-vulnerabilities-uncovered-geovision",
"refsource": "MISC",
"url": "https://www.acronis.com/en-us/blog/posts/backdoor-wide-open-critical-vulnerabilities-uncovered-geovision"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 2.22 in GV-AS210, \nUpdate to version 2.22 in GV-AS410, \nUpdate to version 2.22 in GV-AS810,\nUpdate to version 1.22 in GV-GF192x, \nUpdate to version 1.33 in GV-AS1010"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-3931",
"datePublished": "2020-07-08T10:05:21.030Z",
"dateReserved": "2019-12-20T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:23:37.841Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3930 (GCVE-0-2020-3930)
Vulnerability from nvd – Published: 2020-06-12 08:25 – Updated: 2024-09-16 16:57
VLAI
Title
GeoVision Door Access Control Device - Information disclosure vulnerability
Summary
GeoVision Door Access Control device family improperly stores and controls access to system logs, any users can read these logs.
Severity
4 (Medium)
CWE
- Information disclosure vulnerability
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-3697-780d0-1.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| GeoVision | Door Access Control Device |
Affected:
GV-GF192x , ≤ 1.10
(custom)
|
Date Public
2020-06-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3697-780d0-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Door Access Control Device",
"vendor": "GeoVision",
"versions": [
{
"lessThanOrEqual": "1.10",
"status": "affected",
"version": "GV-GF192x",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-06-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GeoVision Door Access Control device family improperly stores and controls access to system logs, any users can read these logs."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-12T08:25:23.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3697-780d0-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 1.22 in GV-GF192x"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GeoVision Door Access Control Device - Information disclosure vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-06-12T08:00:00.000Z",
"ID": "CVE-2020-3930",
"STATE": "PUBLIC",
"TITLE": "GeoVision Door Access Control Device - Information disclosure vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Door Access Control Device",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "GV-GF192x",
"version_value": "1.10"
}
]
}
}
]
},
"vendor_name": "GeoVision"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GeoVision Door Access Control device family improperly stores and controls access to system logs, any users can read these logs."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-3697-780d0-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-3697-780d0-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 1.22 in GV-GF192x"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-3930",
"datePublished": "2020-06-12T08:25:23.937Z",
"dateReserved": "2019-12-20T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:57:40.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3929 (GCVE-0-2020-3929)
Vulnerability from nvd – Published: 2020-06-12 08:25 – Updated: 2024-09-17 02:26
VLAI
Title
GeoVision Door Access Control Device - Shared cryptographic keys
Summary
GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct MITM attack with the derived keys and plaintext recover of encrypted messages.
Severity
5.9 (Medium)
CWE
- Shared cryptographic keys
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-3696-6601c-1.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| GeoVision | Door Access Control Device |
Affected:
GV-AS210 , ≤ 2.21
(custom)
Affected: GV-AS410 , ≤ 2.21 (custom) Affected: GV-AS810 , ≤ 2.21 (custom) Affected: GV-GF192x , ≤ 1.10 (custom) Affected: GV-AS1010 , ≤ 1.32 (custom) |
Date Public
2020-06-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:19.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3696-6601c-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Door Access Control Device",
"vendor": "GeoVision",
"versions": [
{
"lessThanOrEqual": "2.21",
"status": "affected",
"version": "GV-AS210",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.21",
"status": "affected",
"version": "GV-AS410",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.21",
"status": "affected",
"version": "GV-AS810",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.10",
"status": "affected",
"version": "GV-GF192x",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.32",
"status": "affected",
"version": "GV-AS1010",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-06-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct MITM attack with the derived keys and plaintext recover of encrypted messages."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Shared cryptographic keys",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-12T08:25:23.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3696-6601c-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 2.22 in GV-AS210\nUpdate to version 2.22 in GV-AS410\nUpdate to version 2.22 in GV-AS810\nUpdate to version 1.22 in GV-GF192x\nUpdate to version 1.33 in GV-AS1010"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GeoVision Door Access Control Device - Shared cryptographic keys",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-06-12T08:00:00.000Z",
"ID": "CVE-2020-3929",
"STATE": "PUBLIC",
"TITLE": "GeoVision Door Access Control Device - Shared cryptographic keys"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Door Access Control Device",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "GV-AS210",
"version_value": "2.21"
},
{
"version_affected": "\u003c=",
"version_name": "GV-AS410",
"version_value": "2.21"
},
{
"version_affected": "\u003c=",
"version_name": "GV-AS810",
"version_value": "2.21"
},
{
"version_affected": "\u003c=",
"version_name": "GV-GF192x",
"version_value": "1.10"
},
{
"version_affected": "\u003c=",
"version_name": "GV-AS1010",
"version_value": "1.32"
}
]
}
}
]
},
"vendor_name": "GeoVision"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct MITM attack with the derived keys and plaintext recover of encrypted messages."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Shared cryptographic keys"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-3696-6601c-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-3696-6601c-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 2.22 in GV-AS210\nUpdate to version 2.22 in GV-AS410\nUpdate to version 2.22 in GV-AS810\nUpdate to version 1.22 in GV-GF192x\nUpdate to version 1.33 in GV-AS1010"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-3929",
"datePublished": "2020-06-12T08:25:23.476Z",
"dateReserved": "2019-12-20T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:26:42.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3928 (GCVE-0-2020-3928)
Vulnerability from nvd – Published: 2020-06-12 08:25 – Updated: 2024-09-17 01:21
VLAI
Title
GeoVision Door Access Control Device - Hardcoded privileged password
Summary
GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices.
Severity
6.2 (Medium)
CWE
- Hardcoded privileged password
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| GeoVision | Door Access Control Device |
Affected:
GV-AS210 , ≤ 2.21
(custom)
Affected: GV-AS410 , ≤ 2.21 (custom) Affected: GV-AS810 , ≤ 2.21 (custom) Affected: GV-GF192x , ≤ 1.10 (custom) Affected: GV-AS1010 , ≤ 1.32 (custom) |
Date Public
2020-06-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:19.776Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Door Access Control Device",
"vendor": "GeoVision",
"versions": [
{
"lessThanOrEqual": "2.21",
"status": "affected",
"version": "GV-AS210",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.21",
"status": "affected",
"version": "GV-AS410",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.21",
"status": "affected",
"version": "GV-AS810",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.10",
"status": "affected",
"version": "GV-GF192x",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.32",
"status": "affected",
"version": "GV-AS1010",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-06-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Hardcoded privileged password",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-12T08:25:22.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 2.22 in GV-AS210\nUpdate to version 2.22 in GV-AS410\nUpdate to version 2.22 in GV-AS810\nUpdate to version 1.22 in GV-GF192x\nUpdate to version 1.33 in GV-AS1010"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GeoVision Door Access Control Device - Hardcoded privileged password",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-06-12T08:00:00.000Z",
"ID": "CVE-2020-3928",
"STATE": "PUBLIC",
"TITLE": "GeoVision Door Access Control Device - Hardcoded privileged password"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Door Access Control Device",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "GV-AS210",
"version_value": "2.21"
},
{
"version_affected": "\u003c=",
"version_name": "GV-AS410",
"version_value": "2.21"
},
{
"version_affected": "\u003c=",
"version_name": "GV-AS810",
"version_value": "2.21"
},
{
"version_affected": "\u003c=",
"version_name": "GV-GF192x",
"version_value": "1.10"
},
{
"version_affected": "\u003c=",
"version_name": "GV-AS1010",
"version_value": "1.32"
}
]
}
}
]
},
"vendor_name": "GeoVision"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Hardcoded privileged password"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 2.22 in GV-AS210\nUpdate to version 2.22 in GV-AS410\nUpdate to version 2.22 in GV-AS810\nUpdate to version 1.22 in GV-GF192x\nUpdate to version 1.33 in GV-AS1010"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-3928",
"datePublished": "2020-06-12T08:25:23.055Z",
"dateReserved": "2019-12-20T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:21:32.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-5087 (GCVE-0-2009-5087)
Vulnerability from nvd – Published: 2011-09-09 23:00 – Updated: 2024-08-07 07:24
VLAI
Summary
Directory traversal vulnerability in geohttpserver in Geovision Digital Video Surveillance System 8.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET request.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/8372 | third-party-advisoryx_refsource_SREASON |
| http://www.exploit-db.com/exploits/8041 | exploitx_refsource_EXPLOIT-DB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/33735 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/500858/100… | mailing-listx_refsource_BUGTRAQ |
| http://osvdb.org/51886 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/33924 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2009-02-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:54.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8372",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8372"
},
{
"name": "8041",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/8041"
},
{
"name": "geovision-dvss-dir-traversal(48674)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48674"
},
{
"name": "33735",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33735"
},
{
"name": "20090211 Directory traversal vulnerability in Geovision Digital Video Surveillance System (geohttpserver)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/500858/100/0/threaded"
},
{
"name": "51886",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/51886"
},
{
"name": "33924",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33924"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-02-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in geohttpserver in Geovision Digital Video Surveillance System 8.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8372",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8372"
},
{
"name": "8041",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/8041"
},
{
"name": "geovision-dvss-dir-traversal(48674)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48674"
},
{
"name": "33735",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33735"
},
{
"name": "20090211 Directory traversal vulnerability in Geovision Digital Video Surveillance System (geohttpserver)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/500858/100/0/threaded"
},
{
"name": "51886",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/51886"
},
{
"name": "33924",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33924"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5087",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in geohttpserver in Geovision Digital Video Surveillance System 8.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8372",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8372"
},
{
"name": "8041",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/8041"
},
{
"name": "geovision-dvss-dir-traversal(48674)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48674"
},
{
"name": "33735",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33735"
},
{
"name": "20090211 Directory traversal vulnerability in Geovision Digital Video Surveillance System (geohttpserver)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500858/100/0/threaded"
},
{
"name": "51886",
"refsource": "OSVDB",
"url": "http://osvdb.org/51886"
},
{
"name": "33924",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33924"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-5087",
"datePublished": "2011-09-09T23:00:00.000Z",
"dateReserved": "2011-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:24:54.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-7161 (GCVE-0-2026-7161)
Vulnerability from cvelistv5 – Published: 2026-05-04 00:39 – Updated: 2026-06-15 19:19
VLAI
Title
GeoVision GV-IP Device Utility Device Authentication insufficient encryption vulnerability
Summary
An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability.
When interacting with various Geovision devices on the network, the utility may send privileged commands; in order to do so, the username and password of the device need to be provided. In some instances the command is broadcasted over UDP and the username/password are encrypted using a cryptographic protocol that appears to be derivated from Blowfish. However the symmetric key used for the encryption is also included in the packet, and thus the security of the username/password only relies on the "obscurity" of the encryption scheme. An attacker on the same LAN can listen to the broadcast traffic once an admin user interacts with the device, and decrypt the credentials using their own implementation of the algorithm. With this password the attacker would have full control over the device configuration, allowing them to change its ip address or even reset it to factory default.
Severity
9.3 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-656 - - Reliance on Security Through Obscurity
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.geovision.com.tw/cyber_security.php | vendor-advisory |
| https://talosintelligence.com/vulnerability_reports/ | third-party-advisory |
| https://www.talosintelligence.com/vulnerability_r… |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| GeoVision Inc. | GV-IP Device Utility |
Affected:
9.0.5.0
Unaffected: 9.0.7.0 |
Date Public
2026-04-27 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7161",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-05T03:56:17.236234Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T12:42:38.217Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-06-15T19:19:08.041Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2322"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "GV-IP Device Utility",
"vendor": "GeoVision Inc.",
"versions": [
{
"status": "affected",
"version": "9.0.5.0"
},
{
"status": "unaffected",
"version": "9.0.7.0"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:geovision_inc.:gv-ip_device_utility:9.0.5.0:*:windows:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:geovision_inc.:gv-ip_device_utility:9.0.7.0:*:windows:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Philippe Laulheret of Cisco Talos."
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Kelly Patterson of Cisco Talos."
},
{
"lang": "en",
"type": "coordinator",
"value": "Martin Zeiser of Cisco Talos."
}
],
"datePublic": "2026-04-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability.\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eWhen interacting with various Geovision devices on the network, the utility may send privileged commands; in order to do so, the username and password of the device need to be provided. In some instances the command is broadcasted over UDP and the username/password are encrypted using a cryptographic protocol that appears to be derivated from Blowfish. However the symmetric key used for the encryption is also included in the packet, and thus the security of the username/password only relies on the \"obscurity\" of the encryption scheme. An attacker on the same LAN can listen to the broadcast traffic once an admin user interacts with the device, and decrypt the credentials using their own implementation of the algorithm. With this password the attacker would have full control over the device configuration, allowing them to change its ip address or even reset it to factory default.\u003c/div\u003e"
}
],
"value": "An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability.\n\n\nWhen interacting with various Geovision devices on the network, the utility may send privileged commands; in order to do so, the username and password of the device need to be provided. In some instances the command is broadcasted over UDP and the username/password are encrypted using a cryptographic protocol that appears to be derivated from Blowfish. However the symmetric key used for the encryption is also included in the packet, and thus the security of the username/password only relies on the \"obscurity\" of the encryption scheme. An attacker on the same LAN can listen to the broadcast traffic once an admin user interacts with the device, and decrypt the credentials using their own implementation of the algorithm. With this password the attacker would have full control over the device configuration, allowing them to change its ip address or even reset it to factory default."
}
],
"impacts": [
{
"capecId": "CAPEC-158",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-158 Sniffing Network Traffic"
}
]
},
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-656",
"description": "CWE-656 - Reliance on Security Through Obscurity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T00:39:39.188Z",
"orgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
"shortName": "GV"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.geovision.com.tw/cyber_security.php"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "GeoVision GV-IP Device Utility Device version 9.0.7.0 has patched reported vulnerability.\u0026nbsp;\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eUser is recommended to update to version 9.0.7.0 from GeoVision\u0027s offical website\u0026nbsp;\u003c/div\u003e\u003cdiv\u003e(https://www.geovision.com.tw/download/product/GV-VMS%20V20)\u003c/div\u003e\u003cdiv\u003eor contact GeoVision Support team\u003c/div\u003e"
}
],
"value": "GeoVision GV-IP Device Utility Device version 9.0.7.0 has patched reported vulnerability.\u00a0\n\n\nUser is recommended to update to version 9.0.7.0 from GeoVision\u0027s offical website\u00a0\n\n(https://www.geovision.com.tw/download/product/GV-VMS%20V20)\n\nor contact GeoVision Support team"
}
],
"source": {
"advisory": "TALOS-2025-2322",
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2026-02-17T00:16:00.000Z",
"value": "Initial Vendor Contact"
}
],
"title": "GeoVision GV-IP Device Utility Device Authentication insufficient encryption vulnerability",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
"assignerShortName": "GV",
"cveId": "CVE-2026-7161",
"datePublished": "2026-05-04T00:39:39.188Z",
"dateReserved": "2026-04-27T00:00:42.121Z",
"dateUpdated": "2026-06-15T19:19:08.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4606 (GCVE-0-2026-4606)
Vulnerability from cvelistv5 – Published: 2026-03-23 01:05 – Updated: 2026-03-24 03:56
VLAI
Title
GeoVision ERM Improper Privilege Assignment Leads to SYSTEM-Level Privilege
Summary
GV Edge Recording Manager (ERM) v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system.
During installation, ERM creates a Windows service that runs under the LocalSystem account.
When the ERM application is launched, related processes are spawned under SYSTEM privileges rather than the security context of the logged-in user.
Functions such as 'Import Data' open a Windows file dialog operating with SYSTEM permissions, enabling modification or deletion of protected system files and directories.
Any ERM function invoking Windows file open/save dialogs exposes the same risk.
This vulnerability allows local privilege escalation and may result in full system compromise.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-250 - Execution with unnecessary privileges
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| GeoVision | GV-Edge Recording Manager |
Affected:
2.3.1
Unaffected: 2.3.2 |
Date Public
2026-03-23 01:15
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4606",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-23T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-24T03:56:02.798Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.geovision.com.tw/download/product/GV%E2%80%90Edge%20Recording%20Manager%20(Windows%20Version)",
"defaultStatus": "unaffected",
"packageName": "GV-Edge Recording Manager",
"platforms": [
"Windows"
],
"product": "GV-Edge Recording Manager",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "unaffected",
"version": "2.3.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Reported by security researcher Chao Liu (chaoliu@rbbusa.com)"
}
],
"datePublic": "2026-03-23T01:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eGV Edge Recording Manager (ERM) v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system.\u0026nbsp;\u003c/p\u003e\u003cp\u003eDuring installation, ERM creates a Windows service that runs under the LocalSystem account.\u0026nbsp;\u003c/p\u003e\u003cp\u003eWhen the ERM application is launched, related processes are spawned under SYSTEM privileges rather than the security context of the logged-in user.\u0026nbsp;\u003c/p\u003e\u003cp\u003eFunctions such as \u0027Import Data\u0027 open a Windows file dialog operating with SYSTEM permissions, enabling modification or deletion of protected system files and directories.\u0026nbsp;\u003c/p\u003e\u003cp\u003eAny ERM function invoking Windows file open/save dialogs exposes the same risk.\u0026nbsp;\u003c/p\u003e\u003cp\u003eThis vulnerability allows local privilege escalation and may result in full system compromise.\u003c/p\u003e"
}
],
"value": "GV Edge Recording Manager (ERM) v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system.\u00a0\n\nDuring installation, ERM creates a Windows service that runs under the LocalSystem account.\u00a0\n\nWhen the ERM application is launched, related processes are spawned under SYSTEM privileges rather than the security context of the logged-in user.\u00a0\n\nFunctions such as \u0027Import Data\u0027 open a Windows file dialog operating with SYSTEM permissions, enabling modification or deletion of protected system files and directories.\u00a0\n\nAny ERM function invoking Windows file open/save dialogs exposes the same risk.\u00a0\n\nThis vulnerability allows local privilege escalation and may result in full system compromise."
}
],
"impacts": [
{
"capecId": "CAPEC-113",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-113 Interface Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "IRRECOVERABLE",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:N/R:I/V:C/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with unnecessary privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-23T01:15:18.367Z",
"orgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
"shortName": "GV"
},
"references": [
{
"url": "https://https://www.geovision.com.tw/cyber_security.php"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "GeoVision ERM Improper Privilege Assignment Leads to SYSTEM-Level Privilege",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
"assignerShortName": "GV",
"cveId": "CVE-2026-4606",
"datePublished": "2026-03-23T01:05:31.952Z",
"dateReserved": "2026-03-23T00:46:43.918Z",
"dateUpdated": "2026-03-24T03:56:02.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47795 (GCVE-0-2021-47795)
Vulnerability from cvelistv5 – Published: 2026-01-15 23:25 – Updated: 2026-04-07 14:06
VLAI
KEVIntel
Title
GeoVision Geowebserver 5.3.3 - Local FIle Inclusion
Summary
GeoVision GeoWebServer 5.3.3 contains multiple vulnerabilities including local file inclusion, cross-site scripting, and remote code execution through improper input sanitization. Attackers can exploit the WebStrings.srf endpoint by manipulating path traversal and injection parameters to access system files and execute malicious scripts.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/50211 | exploit |
| https://www.geovision.com.tw/cyber_security.php | product |
| https://www.vulncheck.com/advisories/geovision-ge… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Geovision | GeoVision Geowebserver |
Affected:
<= 5.3.3
|
Date Public
2021-08-17 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47795",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-16T16:07:12.459055Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T16:07:18.918Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "GeoVision Geowebserver",
"vendor": "Geovision",
"versions": [
{
"status": "affected",
"version": "\u003c= 5.3.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ken \u0027s1ngular1ty\u0027 Pyle"
}
],
"datePublic": "2021-08-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GeoVision GeoWebServer 5.3.3 contains multiple vulnerabilities including local file inclusion, cross-site scripting, and remote code execution through improper input sanitization. Attackers can exploit the WebStrings.srf endpoint by manipulating path traversal and injection parameters to access system files and execute malicious scripts."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T14:06:12.212Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-50211",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/50211"
},
{
"name": "GeoVision Cyber Security Page",
"tags": [
"product"
],
"url": "https://www.geovision.com.tw/cyber_security.php"
},
{
"name": "VulnCheck Advisory: GeoVision Geowebserver 5.3.3 - Local FIle Inclusion",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/geovision-geowebserver-local-file-inclusion"
}
],
"title": "GeoVision Geowebserver 5.3.3 - Local FIle Inclusion",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-47795",
"datePublished": "2026-01-15T23:25:44.158Z",
"dateReserved": "2026-01-14T14:39:44.739Z",
"dateUpdated": "2026-04-07T14:06:12.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-12553 (GCVE-0-2024-12553)
Vulnerability from cvelistv5 – Published: 2024-12-13 22:34 – Updated: 2024-12-16 17:55
VLAI
Title
GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability
Summary
GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of GeoVision GV-ASManager. Although authentication is required to exploit this vulnerability, default guest credentials may be used.
The specific flaw exists within the GV-ASWeb service. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-25394.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| GeoVision | GV-ASManager |
Affected:
6.1.0
|
Date Public
2024-12-12 19:31
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12553",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-16T17:55:15.097729Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-16T17:55:27.880Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "GV-ASManager",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "6.1.0"
}
]
}
],
"dateAssigned": "2024-12-11T21:53:45.854Z",
"datePublic": "2024-12-12T19:31:55.073Z",
"descriptions": [
{
"lang": "en",
"value": "GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of GeoVision GV-ASManager. Although authentication is required to exploit this vulnerability, default guest credentials may be used.\n\nThe specific flaw exists within the GV-ASWeb service. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-25394."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-13T22:34:23.601Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1682",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1682/"
}
],
"source": {
"lang": "en",
"value": "Angela"
},
"title": "GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-12553",
"datePublished": "2024-12-13T22:34:23.601Z",
"dateReserved": "2024-12-11T21:53:45.864Z",
"dateUpdated": "2024-12-16T17:55:27.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46070 (GCVE-0-2022-46070)
Vulnerability from cvelistv5 – Published: 2024-03-11 00:00 – Updated: 2025-04-16 15:48
VLAI
Summary
GV-ASManager V6.0.1.0 contains a Local File Inclusion vulnerability in GeoWebServer via Path.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| gv_asmanager | gv_asmanager |
Affected:
v6.0.1.0
cpe:2.3:a:gv_asmanager:gv_asmanager:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:gv_asmanager:gv_asmanager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gv_asmanager",
"vendor": "gv_asmanager",
"versions": [
{
"status": "affected",
"version": "v6.0.1.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-46070",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-12T17:26:49.618903Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T15:48:41.105Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:24:03.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://s3.amazonaws.com/geovision_downloads/TechNotice/CyberSecurity/Security_Advistory_ASManager-ASM-2022-11.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GV-ASManager V6.0.1.0 contains a Local File Inclusion vulnerability in GeoWebServer via Path."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-11T21:36:58.997Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://s3.amazonaws.com/geovision_downloads/TechNotice/CyberSecurity/Security_Advistory_ASManager-ASM-2022-11.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-46070",
"datePublished": "2024-03-11T00:00:00.000Z",
"dateReserved": "2022-11-28T00:00:00.000Z",
"dateUpdated": "2025-04-16T15:48:41.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-23059 (GCVE-0-2023-23059)
Vulnerability from cvelistv5 – Published: 2023-05-04 00:00 – Updated: 2025-01-29 20:54
VLAI
Summary
An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 for windows, which contains improper permissions within the default installation and allows attackers to execute arbitrary code and gain escalated privileges.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-276 - Incorrect Default Permissions
Assigner
References
3 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:28:39.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://geovision.com"
},
{
"tags": [
"x_transferred"
],
"url": "http://gv-edge.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/172141/GV-Edge-Recording-Manager-2.2.3.0-Privilege-Escalation.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-23059",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T20:53:53.403632Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-29T20:54:00.590Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 for windows, which contains improper permissions within the default installation and allows attackers to execute arbitrary code and gain escalated privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-04T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://geovision.com"
},
{
"url": "http://gv-edge.com"
},
{
"url": "https://packetstormsecurity.com/files/172141/GV-Edge-Recording-Manager-2.2.3.0-Privilege-Escalation.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-23059",
"datePublished": "2023-05-04T00:00:00.000Z",
"dateReserved": "2023-01-11T00:00:00.000Z",
"dateUpdated": "2025-01-29T20:54:00.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3931 (GCVE-0-2020-3931)
Vulnerability from cvelistv5 – Published: 2020-07-08 10:05 – Updated: 2024-09-16 17:23
VLAI
Title
GeoVision Door Access Control Device - Buffer overflow vulnerability
Summary
Buffer overflow exists in Geovision Door Access Control device family, an unauthenticated remote attacker can execute arbitrary command.
Severity
9.8 (Critical)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-3754-b77d0-1.html | x_refsource_MISC |
| https://www.acronis.com/en-us/blog/posts/backdoor… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| GeoVision | Door Access Control Device |
Affected:
GV-AS210 , ≤ 2.21
(custom)
Affected: GV-AS410 , ≤ 2.21 (custom) Affected: GV-AS810 , ≤ 2.21 (custom) Affected: GV-GF192x , ≤ 1.10 (custom) Affected: GV-AS1010 , ≤ 1.32 (custom) |
Date Public
2020-07-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3754-b77d0-1.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.acronis.com/en-us/blog/posts/backdoor-wide-open-critical-vulnerabilities-uncovered-geovision"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Door Access Control Device",
"vendor": "GeoVision",
"versions": [
{
"lessThanOrEqual": "2.21",
"status": "affected",
"version": "GV-AS210",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.21",
"status": "affected",
"version": "GV-AS410",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.21",
"status": "affected",
"version": "GV-AS810",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.10",
"status": "affected",
"version": "GV-GF192x",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.32",
"status": "affected",
"version": "GV-AS1010",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-07-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow exists in Geovision Door Access Control device family, an unauthenticated remote attacker can execute arbitrary command."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-08T10:05:20.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3754-b77d0-1.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.acronis.com/en-us/blog/posts/backdoor-wide-open-critical-vulnerabilities-uncovered-geovision"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 2.22 in GV-AS210, \nUpdate to version 2.22 in GV-AS410, \nUpdate to version 2.22 in GV-AS810,\nUpdate to version 1.22 in GV-GF192x, \nUpdate to version 1.33 in GV-AS1010"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GeoVision Door Access Control Device - Buffer overflow vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-07-08T10:00:00.000Z",
"ID": "CVE-2020-3931",
"STATE": "PUBLIC",
"TITLE": "GeoVision Door Access Control Device - Buffer overflow vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Door Access Control Device",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "GV-AS210",
"version_value": "2.21"
},
{
"version_affected": "\u003c=",
"version_name": "GV-AS410",
"version_value": "2.21"
},
{
"version_affected": "\u003c=",
"version_name": "GV-AS810",
"version_value": "2.21"
},
{
"version_affected": "\u003c=",
"version_name": "GV-GF192x",
"version_value": "1.10"
},
{
"version_affected": "\u003c=",
"version_name": "GV-AS1010",
"version_value": "1.32"
}
]
}
}
]
},
"vendor_name": "GeoVision"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow exists in Geovision Door Access Control device family, an unauthenticated remote attacker can execute arbitrary command."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-3754-b77d0-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-3754-b77d0-1.html"
},
{
"name": "https://www.acronis.com/en-us/blog/posts/backdoor-wide-open-critical-vulnerabilities-uncovered-geovision",
"refsource": "MISC",
"url": "https://www.acronis.com/en-us/blog/posts/backdoor-wide-open-critical-vulnerabilities-uncovered-geovision"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 2.22 in GV-AS210, \nUpdate to version 2.22 in GV-AS410, \nUpdate to version 2.22 in GV-AS810,\nUpdate to version 1.22 in GV-GF192x, \nUpdate to version 1.33 in GV-AS1010"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-3931",
"datePublished": "2020-07-08T10:05:21.030Z",
"dateReserved": "2019-12-20T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:23:37.841Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3930 (GCVE-0-2020-3930)
Vulnerability from cvelistv5 – Published: 2020-06-12 08:25 – Updated: 2024-09-16 16:57
VLAI
Title
GeoVision Door Access Control Device - Information disclosure vulnerability
Summary
GeoVision Door Access Control device family improperly stores and controls access to system logs, any users can read these logs.
Severity
4 (Medium)
CWE
- Information disclosure vulnerability
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-3697-780d0-1.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| GeoVision | Door Access Control Device |
Affected:
GV-GF192x , ≤ 1.10
(custom)
|
Date Public
2020-06-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3697-780d0-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Door Access Control Device",
"vendor": "GeoVision",
"versions": [
{
"lessThanOrEqual": "1.10",
"status": "affected",
"version": "GV-GF192x",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-06-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GeoVision Door Access Control device family improperly stores and controls access to system logs, any users can read these logs."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-12T08:25:23.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3697-780d0-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 1.22 in GV-GF192x"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GeoVision Door Access Control Device - Information disclosure vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-06-12T08:00:00.000Z",
"ID": "CVE-2020-3930",
"STATE": "PUBLIC",
"TITLE": "GeoVision Door Access Control Device - Information disclosure vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Door Access Control Device",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "GV-GF192x",
"version_value": "1.10"
}
]
}
}
]
},
"vendor_name": "GeoVision"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GeoVision Door Access Control device family improperly stores and controls access to system logs, any users can read these logs."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-3697-780d0-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-3697-780d0-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 1.22 in GV-GF192x"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-3930",
"datePublished": "2020-06-12T08:25:23.937Z",
"dateReserved": "2019-12-20T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:57:40.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3929 (GCVE-0-2020-3929)
Vulnerability from cvelistv5 – Published: 2020-06-12 08:25 – Updated: 2024-09-17 02:26
VLAI
Title
GeoVision Door Access Control Device - Shared cryptographic keys
Summary
GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct MITM attack with the derived keys and plaintext recover of encrypted messages.
Severity
5.9 (Medium)
CWE
- Shared cryptographic keys
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-3696-6601c-1.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| GeoVision | Door Access Control Device |
Affected:
GV-AS210 , ≤ 2.21
(custom)
Affected: GV-AS410 , ≤ 2.21 (custom) Affected: GV-AS810 , ≤ 2.21 (custom) Affected: GV-GF192x , ≤ 1.10 (custom) Affected: GV-AS1010 , ≤ 1.32 (custom) |
Date Public
2020-06-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:19.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3696-6601c-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Door Access Control Device",
"vendor": "GeoVision",
"versions": [
{
"lessThanOrEqual": "2.21",
"status": "affected",
"version": "GV-AS210",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.21",
"status": "affected",
"version": "GV-AS410",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.21",
"status": "affected",
"version": "GV-AS810",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.10",
"status": "affected",
"version": "GV-GF192x",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.32",
"status": "affected",
"version": "GV-AS1010",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-06-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct MITM attack with the derived keys and plaintext recover of encrypted messages."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Shared cryptographic keys",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-12T08:25:23.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3696-6601c-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 2.22 in GV-AS210\nUpdate to version 2.22 in GV-AS410\nUpdate to version 2.22 in GV-AS810\nUpdate to version 1.22 in GV-GF192x\nUpdate to version 1.33 in GV-AS1010"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GeoVision Door Access Control Device - Shared cryptographic keys",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-06-12T08:00:00.000Z",
"ID": "CVE-2020-3929",
"STATE": "PUBLIC",
"TITLE": "GeoVision Door Access Control Device - Shared cryptographic keys"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Door Access Control Device",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "GV-AS210",
"version_value": "2.21"
},
{
"version_affected": "\u003c=",
"version_name": "GV-AS410",
"version_value": "2.21"
},
{
"version_affected": "\u003c=",
"version_name": "GV-AS810",
"version_value": "2.21"
},
{
"version_affected": "\u003c=",
"version_name": "GV-GF192x",
"version_value": "1.10"
},
{
"version_affected": "\u003c=",
"version_name": "GV-AS1010",
"version_value": "1.32"
}
]
}
}
]
},
"vendor_name": "GeoVision"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct MITM attack with the derived keys and plaintext recover of encrypted messages."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Shared cryptographic keys"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-3696-6601c-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-3696-6601c-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 2.22 in GV-AS210\nUpdate to version 2.22 in GV-AS410\nUpdate to version 2.22 in GV-AS810\nUpdate to version 1.22 in GV-GF192x\nUpdate to version 1.33 in GV-AS1010"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-3929",
"datePublished": "2020-06-12T08:25:23.476Z",
"dateReserved": "2019-12-20T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:26:42.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3928 (GCVE-0-2020-3928)
Vulnerability from cvelistv5 – Published: 2020-06-12 08:25 – Updated: 2024-09-17 01:21
VLAI
Title
GeoVision Door Access Control Device - Hardcoded privileged password
Summary
GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices.
Severity
6.2 (Medium)
CWE
- Hardcoded privileged password
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| GeoVision | Door Access Control Device |
Affected:
GV-AS210 , ≤ 2.21
(custom)
Affected: GV-AS410 , ≤ 2.21 (custom) Affected: GV-AS810 , ≤ 2.21 (custom) Affected: GV-GF192x , ≤ 1.10 (custom) Affected: GV-AS1010 , ≤ 1.32 (custom) |
Date Public
2020-06-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:19.776Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Door Access Control Device",
"vendor": "GeoVision",
"versions": [
{
"lessThanOrEqual": "2.21",
"status": "affected",
"version": "GV-AS210",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.21",
"status": "affected",
"version": "GV-AS410",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.21",
"status": "affected",
"version": "GV-AS810",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.10",
"status": "affected",
"version": "GV-GF192x",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.32",
"status": "affected",
"version": "GV-AS1010",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-06-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Hardcoded privileged password",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-12T08:25:22.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 2.22 in GV-AS210\nUpdate to version 2.22 in GV-AS410\nUpdate to version 2.22 in GV-AS810\nUpdate to version 1.22 in GV-GF192x\nUpdate to version 1.33 in GV-AS1010"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GeoVision Door Access Control Device - Hardcoded privileged password",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-06-12T08:00:00.000Z",
"ID": "CVE-2020-3928",
"STATE": "PUBLIC",
"TITLE": "GeoVision Door Access Control Device - Hardcoded privileged password"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Door Access Control Device",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "GV-AS210",
"version_value": "2.21"
},
{
"version_affected": "\u003c=",
"version_name": "GV-AS410",
"version_value": "2.21"
},
{
"version_affected": "\u003c=",
"version_name": "GV-AS810",
"version_value": "2.21"
},
{
"version_affected": "\u003c=",
"version_name": "GV-GF192x",
"version_value": "1.10"
},
{
"version_affected": "\u003c=",
"version_name": "GV-AS1010",
"version_value": "1.32"
}
]
}
}
]
},
"vendor_name": "GeoVision"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Hardcoded privileged password"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 2.22 in GV-AS210\nUpdate to version 2.22 in GV-AS410\nUpdate to version 2.22 in GV-AS810\nUpdate to version 1.22 in GV-GF192x\nUpdate to version 1.33 in GV-AS1010"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-3928",
"datePublished": "2020-06-12T08:25:23.055Z",
"dateReserved": "2019-12-20T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:21:32.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-5087 (GCVE-0-2009-5087)
Vulnerability from cvelistv5 – Published: 2011-09-09 23:00 – Updated: 2024-08-07 07:24
VLAI
Summary
Directory traversal vulnerability in geohttpserver in Geovision Digital Video Surveillance System 8.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET request.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/8372 | third-party-advisoryx_refsource_SREASON |
| http://www.exploit-db.com/exploits/8041 | exploitx_refsource_EXPLOIT-DB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/33735 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/500858/100… | mailing-listx_refsource_BUGTRAQ |
| http://osvdb.org/51886 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/33924 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2009-02-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:54.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8372",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8372"
},
{
"name": "8041",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/8041"
},
{
"name": "geovision-dvss-dir-traversal(48674)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48674"
},
{
"name": "33735",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33735"
},
{
"name": "20090211 Directory traversal vulnerability in Geovision Digital Video Surveillance System (geohttpserver)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/500858/100/0/threaded"
},
{
"name": "51886",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/51886"
},
{
"name": "33924",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33924"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-02-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in geohttpserver in Geovision Digital Video Surveillance System 8.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8372",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8372"
},
{
"name": "8041",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/8041"
},
{
"name": "geovision-dvss-dir-traversal(48674)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48674"
},
{
"name": "33735",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33735"
},
{
"name": "20090211 Directory traversal vulnerability in Geovision Digital Video Surveillance System (geohttpserver)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/500858/100/0/threaded"
},
{
"name": "51886",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/51886"
},
{
"name": "33924",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33924"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5087",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in geohttpserver in Geovision Digital Video Surveillance System 8.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8372",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8372"
},
{
"name": "8041",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/8041"
},
{
"name": "geovision-dvss-dir-traversal(48674)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48674"
},
{
"name": "33735",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33735"
},
{
"name": "20090211 Directory traversal vulnerability in Geovision Digital Video Surveillance System (geohttpserver)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500858/100/0/threaded"
},
{
"name": "51886",
"refsource": "OSVDB",
"url": "http://osvdb.org/51886"
},
{
"name": "33924",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33924"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-5087",
"datePublished": "2011-09-09T23:00:00.000Z",
"dateReserved": "2011-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:24:54.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-202006-1300
Vulnerability from variot - Updated: 2024-02-13 22:54GeoVision Door Access Control device family improperly stores and controls access to system logs, any users can read these logs.
An information disclosure vulnerability exists in GeoVision GV-GF192x v1.10. Attackers can use this vulnerability to obtain log information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-1300",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gv-gf192x",
"scope": "eq",
"trust": 1.0,
"vendor": "geovision",
"version": "1.10"
},
{
"model": "gv-gf192x",
"scope": null,
"trust": 0.8,
"vendor": "geovision",
"version": null
},
{
"model": "gv-gf192x",
"scope": "eq",
"trust": 0.6,
"vendor": "geovision",
"version": "v1.10"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-24895"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006700"
},
{
"db": "NVD",
"id": "CVE-2020-3930"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geovision:gv-gf192x_firmware:1.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geovision:gv-gf192x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3930"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Acronis",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-983"
}
],
"trust": 0.6
},
"cve": "CVE-2020-3930",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-006700",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2021-24895",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2020-3930",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "LOW",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "twcert@cert.org.tw",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.5,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.3,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-006700",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-3930",
"trust": 1.0,
"value": "LOW"
},
{
"author": "twcert@cert.org.tw",
"id": "CVE-2020-3930",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2020-006700",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNVD",
"id": "CNVD-2021-24895",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-983",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2020-3930",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-24895"
},
{
"db": "VULMON",
"id": "CVE-2020-3930"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006700"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-983"
},
{
"db": "NVD",
"id": "CVE-2020-3930"
},
{
"db": "NVD",
"id": "CVE-2020-3930"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GeoVision Door Access Control device family improperly stores and controls access to system logs, any users can read these logs. \n\r\n\r\nAn information disclosure vulnerability exists in GeoVision GV-GF192x v1.10. Attackers can use this vulnerability to obtain log information",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3930"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006700"
},
{
"db": "CNVD",
"id": "CNVD-2021-24895"
},
{
"db": "VULMON",
"id": "CVE-2020-3930"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-3930",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006700",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-24895",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202006-983",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-3930",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-24895"
},
{
"db": "VULMON",
"id": "CVE-2020-3930"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006700"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-983"
},
{
"db": "NVD",
"id": "CVE-2020-3930"
}
]
},
"id": "VAR-202006-1300",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-24895"
}
],
"trust": 0.86666668
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-24895"
}
]
},
"last_update_date": "2024-02-13T22:54:46.459000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.geovision.com.tw/"
},
{
"title": "Patch for GeoVision GV-GF192x information disclosure vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/305366"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-24895"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006700"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-532",
"trust": 1.0
},
{
"problemtype": "CWE-200",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006700"
},
{
"db": "NVD",
"id": "CVE-2020-3930"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.twcert.org.tw/tw/cp-132-3697-780d0-1.html"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3930"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3930"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/532.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-24895"
},
{
"db": "VULMON",
"id": "CVE-2020-3930"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006700"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-983"
},
{
"db": "NVD",
"id": "CVE-2020-3930"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-24895"
},
{
"db": "VULMON",
"id": "CVE-2020-3930"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006700"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-983"
},
{
"db": "NVD",
"id": "CVE-2020-3930"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-24895"
},
{
"date": "2020-06-12T00:00:00",
"db": "VULMON",
"id": "CVE-2020-3930"
},
{
"date": "2020-07-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006700"
},
{
"date": "2020-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-983"
},
{
"date": "2020-06-12T09:15:10.460000",
"db": "NVD",
"id": "CVE-2020-3930"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-24895"
},
{
"date": "2020-07-23T00:00:00",
"db": "VULMON",
"id": "CVE-2020-3930"
},
{
"date": "2020-07-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006700"
},
{
"date": "2020-07-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-983"
},
{
"date": "2020-07-23T20:02:28.933000",
"db": "NVD",
"id": "CVE-2020-3930"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-983"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GeoVision Door Access Control Information leakage vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006700"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "log information leak",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-983"
}
],
"trust": 0.6
}
}
VAR-201908-0569
Vulnerability from variot - Updated: 2023-12-18 13:47A broken access control vulnerability found in Advan VD-1 firmware versions up to 230. An attacker can send a POST request to cgibin/ApkUpload.cgi to install arbitrary APK without any authentication. AndroVideo Advan VD-1 is a security camera from Taiwan's AndroVideo. AndroVideo Advan VD-1 is a security camera produced by AndroVideo Company in Taiwan, China
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201908-0569",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vd 1",
"scope": "lte",
"trust": 1.0,
"vendor": "androvideo",
"version": "230"
},
{
"model": "advan vd-1",
"scope": "lte",
"trust": 0.8,
"vendor": "androvideo",
"version": "230"
},
{
"model": "gv-vd8700",
"scope": null,
"trust": 0.8,
"vendor": "geovision",
"version": null
},
{
"model": "gv-vr360",
"scope": null,
"trust": 0.8,
"vendor": "geovision",
"version": null
},
{
"model": "advan vd-1",
"scope": "lte",
"trust": 0.6,
"vendor": "androvideo",
"version": "\u003c=230"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34623"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008720"
},
{
"db": "NVD",
"id": "CVE-2019-13406"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:androvideo:vd_1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "230",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:androvideo:vd_1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13406"
}
]
},
"cve": "CVE-2019-13406",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-13406",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-34623",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-145249",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-13406",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-13406",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-34623",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-2178",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-145249",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34623"
},
{
"db": "VULHUB",
"id": "VHN-145249"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008720"
},
{
"db": "NVD",
"id": "CVE-2019-13406"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2178"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A broken access control vulnerability found in Advan VD-1 firmware versions up to 230. An attacker can send a POST request to cgibin/ApkUpload.cgi to install arbitrary APK without any authentication. AndroVideo Advan VD-1 is a security camera from Taiwan\u0027s AndroVideo. AndroVideo Advan VD-1 is a security camera produced by AndroVideo Company in Taiwan, China",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13406"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008720"
},
{
"db": "CNVD",
"id": "CNVD-2019-34623"
},
{
"db": "VULHUB",
"id": "VHN-145249"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-13406",
"trust": 3.1
},
{
"db": "TWCERT",
"id": "TVN-201906007",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008720",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2178",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-34623",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-145249",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34623"
},
{
"db": "VULHUB",
"id": "VHN-145249"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008720"
},
{
"db": "NVD",
"id": "CVE-2019-13406"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2178"
}
]
},
"id": "VAR-201908-0569",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34623"
},
{
"db": "VULHUB",
"id": "VHN-145249"
}
],
"trust": 1.4222222
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34623"
}
]
},
"last_update_date": "2023-12-18T13:47:51.955000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.androvideo.com/"
},
{
"title": "GV-VR360",
"trust": 0.8,
"url": "http://www.geovision.com.tw/jp/product/gv-vr360"
},
{
"title": "GV-VD8700",
"trust": 0.8,
"url": "http://www.geovision.com.tw/jp/product/gv-vd8700"
},
{
"title": "Patch for AndroVideo Advan VD-1 Access Control Error Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/183553"
},
{
"title": "AndroVideo Advan VD-1 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=97661"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34623"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008720"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2178"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.1
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-145249"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008720"
},
{
"db": "NVD",
"id": "CVE-2019-13406"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13406"
},
{
"trust": 1.7,
"url": "http://surl.twcert.org.tw/hvut7"
},
{
"trust": 1.7,
"url": "https://tvn.twcert.org.tw/taiwanvn/tvn-201906007"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13406"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34623"
},
{
"db": "VULHUB",
"id": "VHN-145249"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008720"
},
{
"db": "NVD",
"id": "CVE-2019-13406"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2178"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-34623"
},
{
"db": "VULHUB",
"id": "VHN-145249"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008720"
},
{
"db": "NVD",
"id": "CVE-2019-13406"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2178"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34623"
},
{
"date": "2019-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-145249"
},
{
"date": "2019-09-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008720"
},
{
"date": "2019-08-29T01:15:11.647000",
"db": "NVD",
"id": "CVE-2019-13406"
},
{
"date": "2019-08-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-2178"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34623"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-145249"
},
{
"date": "2019-09-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008720"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2019-13406"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-2178"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-2178"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AndroVideo Advan VD-1 Access Control Error Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34623"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2178"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-2178"
}
],
"trust": 0.6
}
}
VAR-201908-0571
Vulnerability from variot - Updated: 2023-12-18 13:28A relative path traversal vulnerability found in Advan VD-1 firmware versions up to 230. It allows attackers to download arbitrary files via url cgibin/ExportSettings.cgi?Download=filepath, without any authentication. AndroVideo Advan VD-1 is a security camera from Taiwan's AndroVideo. An attacker could use this vulnerability to access locations outside the restricted directory. AndroVideo Advan VD-1 is a security camera produced by AndroVideo Company in Taiwan, China. The vulnerability stems from a network system or product that fails to properly filter resources or special elements in file paths
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201908-0571",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gv-vd8700",
"scope": "lte",
"trust": 1.0,
"vendor": "geovision",
"version": "1.01"
},
{
"model": "vd 1",
"scope": "lte",
"trust": 1.0,
"vendor": "androvideo",
"version": "230"
},
{
"model": "gv-vr360",
"scope": "lte",
"trust": 1.0,
"vendor": "geovision",
"version": "1.10"
},
{
"model": "advan vd-1",
"scope": "lte",
"trust": 0.8,
"vendor": "androvideo",
"version": "230"
},
{
"model": "gv-vd8700",
"scope": null,
"trust": 0.8,
"vendor": "geovision",
"version": null
},
{
"model": "gv-vr360",
"scope": null,
"trust": 0.8,
"vendor": "geovision",
"version": null
},
{
"model": "advan vd-1",
"scope": "lte",
"trust": 0.6,
"vendor": "androvideo",
"version": "\u003c=230"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34622"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008722"
},
{
"db": "NVD",
"id": "CVE-2019-13408"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:androvideo:vd_1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "230",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:androvideo:vd_1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geovision:gv-vr360_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geovision:gv-vr360:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geovision:gv-vd8700_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.01",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geovision:gv-vd8700:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13408"
}
]
},
"cve": "CVE-2019-13408",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-13408",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-34622",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-145251",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-13408",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-13408",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-34622",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-2182",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-145251",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34622"
},
{
"db": "VULHUB",
"id": "VHN-145251"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008722"
},
{
"db": "NVD",
"id": "CVE-2019-13408"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2182"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A relative path traversal vulnerability found in Advan VD-1 firmware versions up to 230. It allows attackers to download arbitrary files via url cgibin/ExportSettings.cgi?Download=filepath, without any authentication. AndroVideo Advan VD-1 is a security camera from Taiwan\u0027s AndroVideo. An attacker could use this vulnerability to access locations outside the restricted directory. AndroVideo Advan VD-1 is a security camera produced by AndroVideo Company in Taiwan, China. The vulnerability stems from a network system or product that fails to properly filter resources or special elements in file paths",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13408"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008722"
},
{
"db": "CNVD",
"id": "CNVD-2019-34622"
},
{
"db": "VULHUB",
"id": "VHN-145251"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-13408",
"trust": 3.1
},
{
"db": "TWCERT",
"id": "TVN-201906009",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008722",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2182",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-34622",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-145251",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34622"
},
{
"db": "VULHUB",
"id": "VHN-145251"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008722"
},
{
"db": "NVD",
"id": "CVE-2019-13408"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2182"
}
]
},
"id": "VAR-201908-0571",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34622"
},
{
"db": "VULHUB",
"id": "VHN-145251"
}
],
"trust": 1.4222222
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34622"
}
]
},
"last_update_date": "2023-12-18T13:28:29.418000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.androvideo.com/"
},
{
"title": "GV-VR360",
"trust": 0.8,
"url": "http://www.geovision.com.tw/jp/product/gv-vr360"
},
{
"title": "GV-VD8700",
"trust": 0.8,
"url": "http://www.geovision.com.tw/jp/product/gv-vd8700"
},
{
"title": "Patch for AndroVideo Advan VD-1 path traversal vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/183555"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34622"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008722"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
},
{
"problemtype": "CWE-862",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-145251"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008722"
},
{
"db": "NVD",
"id": "CVE-2019-13408"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13408"
},
{
"trust": 1.7,
"url": "http://surl.twcert.org.tw/2bvxq"
},
{
"trust": 1.7,
"url": "https://tvn.twcert.org.tw/taiwanvn/tvn-201906009"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13408"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34622"
},
{
"db": "VULHUB",
"id": "VHN-145251"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008722"
},
{
"db": "NVD",
"id": "CVE-2019-13408"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2182"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-34622"
},
{
"db": "VULHUB",
"id": "VHN-145251"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008722"
},
{
"db": "NVD",
"id": "CVE-2019-13408"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2182"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34622"
},
{
"date": "2019-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-145251"
},
{
"date": "2019-09-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008722"
},
{
"date": "2019-08-29T01:15:11.803000",
"db": "NVD",
"id": "CVE-2019-13408"
},
{
"date": "2019-08-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-2182"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34622"
},
{
"date": "2020-10-08T00:00:00",
"db": "VULHUB",
"id": "VHN-145251"
},
{
"date": "2019-09-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008722"
},
{
"date": "2020-10-08T13:37:17.160000",
"db": "NVD",
"id": "CVE-2019-13408"
},
{
"date": "2020-06-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-2182"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-2182"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AndroVideo Advan VD-1 path traversal vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34622"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2182"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-2182"
}
],
"trust": 0.6
}
}
VAR-202006-1299
Vulnerability from variot - Updated: 2023-12-18 13:01GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct MITM attack with the derived keys and plaintext recover of encrypted messages
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-1299",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "geovision gv-as210",
"scope": "lt",
"trust": 1.0,
"vendor": "usavisionsys",
"version": "2.21"
},
{
"model": "geovision gv-as1010",
"scope": "lt",
"trust": 1.0,
"vendor": "usavisionsys",
"version": "1.32"
},
{
"model": "geovision gv-as810",
"scope": "lt",
"trust": 1.0,
"vendor": "usavisionsys",
"version": "2.21"
},
{
"model": "geovision gv-as410",
"scope": "lt",
"trust": 1.0,
"vendor": "usavisionsys",
"version": "2.21"
},
{
"model": "geovision gv-gf192x",
"scope": "lt",
"trust": 1.0,
"vendor": "usavisionsys",
"version": "1.10"
},
{
"model": "gv-as1010",
"scope": null,
"trust": 0.8,
"vendor": "geovision",
"version": null
},
{
"model": "gv-as210",
"scope": null,
"trust": 0.8,
"vendor": "geovision",
"version": null
},
{
"model": "gv-as410",
"scope": null,
"trust": 0.8,
"vendor": "geovision",
"version": null
},
{
"model": "gv-as810",
"scope": null,
"trust": 0.8,
"vendor": "geovision",
"version": null
},
{
"model": "gv-gf192x",
"scope": null,
"trust": 0.8,
"vendor": "geovision",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006699"
},
{
"db": "NVD",
"id": "CVE-2020-3929"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:usavisionsys:geovision_gv-as210_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.21",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:usavisionsys:geovision_gv-as210:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:usavisionsys:geovision_gv-as410_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.21",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:usavisionsys:geovision_gv-as410:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:usavisionsys:geovision_gv-as810_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.21",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:usavisionsys:geovision_gv-as810:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:usavisionsys:geovision_gv-as1010_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.32",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:usavisionsys:geovision_gv-as1010:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:usavisionsys:geovision_gv-gf192x_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:usavisionsys:geovision_gv-gf192x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3929"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Acronis",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-982"
}
],
"trust": 0.6
},
"cve": "CVE-2020-3929",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-006699",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006699",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-3929",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "twcert@cert.org.tw",
"id": "CVE-2020-3929",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2020-006699",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-982",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006699"
},
{
"db": "NVD",
"id": "CVE-2020-3929"
},
{
"db": "NVD",
"id": "CVE-2020-3929"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-982"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct MITM attack with the derived keys and plaintext recover of encrypted messages",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3929"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006699"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-3929",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006699",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202006-982",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006699"
},
{
"db": "NVD",
"id": "CVE-2020-3929"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-982"
}
]
},
"id": "VAR-202006-1299",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.26666668
},
"last_update_date": "2023-12-18T13:01:43.556000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.geovision.com.tw/"
},
{
"title": "Multiple GeoVision Product encryption problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=122046"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006699"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-982"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-326",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006699"
},
{
"db": "NVD",
"id": "CVE-2020-3929"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.twcert.org.tw/tw/cp-132-3696-6601c-1.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3929"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3929"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006699"
},
{
"db": "NVD",
"id": "CVE-2020-3929"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-982"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006699"
},
{
"db": "NVD",
"id": "CVE-2020-3929"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-982"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006699"
},
{
"date": "2020-06-12T09:15:10.380000",
"db": "NVD",
"id": "CVE-2020-3929"
},
{
"date": "2020-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-982"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006699"
},
{
"date": "2020-06-18T00:50:51.093000",
"db": "NVD",
"id": "CVE-2020-3929"
},
{
"date": "2020-06-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-982"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-982"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GeoVision Door Access Control Cryptographic strength vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006699"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-982"
}
],
"trust": 0.6
}
}
VAR-202006-1298
Vulnerability from variot - Updated: 2023-12-18 12:42GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-1298",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "geovision gv-as210",
"scope": "lt",
"trust": 1.0,
"vendor": "usavisionsys",
"version": "2.21"
},
{
"model": "geovision gv-as1010",
"scope": "lt",
"trust": 1.0,
"vendor": "usavisionsys",
"version": "1.32"
},
{
"model": "geovision gv-as810",
"scope": "lt",
"trust": 1.0,
"vendor": "usavisionsys",
"version": "2.21"
},
{
"model": "geovision gv-as410",
"scope": "lt",
"trust": 1.0,
"vendor": "usavisionsys",
"version": "2.21"
},
{
"model": "geovision gv-gf192x",
"scope": "lt",
"trust": 1.0,
"vendor": "usavisionsys",
"version": "1.10"
},
{
"model": "gv-as1010",
"scope": null,
"trust": 0.8,
"vendor": "geovision",
"version": null
},
{
"model": "gv-as210",
"scope": null,
"trust": 0.8,
"vendor": "geovision",
"version": null
},
{
"model": "gv-as410",
"scope": null,
"trust": 0.8,
"vendor": "geovision",
"version": null
},
{
"model": "gv-as810",
"scope": null,
"trust": 0.8,
"vendor": "geovision",
"version": null
},
{
"model": "gv-gf192x",
"scope": null,
"trust": 0.8,
"vendor": "geovision",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006698"
},
{
"db": "NVD",
"id": "CVE-2020-3928"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:usavisionsys:geovision_gv-as210_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.21",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:usavisionsys:geovision_gv-as210:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:usavisionsys:geovision_gv-as410_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.21",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:usavisionsys:geovision_gv-as410:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:usavisionsys:geovision_gv-as810_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.21",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:usavisionsys:geovision_gv-as810:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:usavisionsys:geovision_gv-as1010_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.32",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:usavisionsys:geovision_gv-as1010:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:usavisionsys:geovision_gv-gf192x_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:usavisionsys:geovision_gv-gf192x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3928"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Acronis",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-981"
}
],
"trust": 0.6
},
"cve": "CVE-2020-3928",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-006698",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "twcert@cert.org.tw",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.5,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-006698",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-3928",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "twcert@cert.org.tw",
"id": "CVE-2020-3928",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2020-006698",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-981",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006698"
},
{
"db": "NVD",
"id": "CVE-2020-3928"
},
{
"db": "NVD",
"id": "CVE-2020-3928"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-981"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3928"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006698"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-3928",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006698",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202006-981",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006698"
},
{
"db": "NVD",
"id": "CVE-2020-3928"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-981"
}
]
},
"id": "VAR-202006-1298",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.26666668
},
"last_update_date": "2023-12-18T12:42:55.277000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.geovision.com.tw/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006698"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006698"
},
{
"db": "NVD",
"id": "CVE-2020-3928"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3928"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3928"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006698"
},
{
"db": "NVD",
"id": "CVE-2020-3928"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-981"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006698"
},
{
"db": "NVD",
"id": "CVE-2020-3928"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-981"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006698"
},
{
"date": "2020-06-12T09:15:10.287000",
"db": "NVD",
"id": "CVE-2020-3928"
},
{
"date": "2020-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-981"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-07-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006698"
},
{
"date": "2020-06-18T12:36:17.440000",
"db": "NVD",
"id": "CVE-2020-3928"
},
{
"date": "2020-07-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-981"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-981"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GeoVision Door Access Control Vulnerability in using hard-coded credentials on devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006698"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-981"
}
],
"trust": 0.6
}
}
VAR-201908-0570
Vulnerability from variot - Updated: 2023-12-18 12:36A XSS found in Advan VD-1 firmware versions up to 230. VD-1 responses a path error message when a requested resource was not found in page cgibin/ssi.cgi. It leads to a reflected XSS because the error message does not escape properly. Advan VD-1 The firmware contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. AndroVideo Advan VD-1 is a security camera produced by AndroVideo Company in Taiwan, China. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201908-0570",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gv-vd8700",
"scope": "lte",
"trust": 1.0,
"vendor": "geovision",
"version": "1.01"
},
{
"model": "vd 1",
"scope": "lte",
"trust": 1.0,
"vendor": "androvideo",
"version": "230"
},
{
"model": "gv-vr360",
"scope": "lte",
"trust": 1.0,
"vendor": "geovision",
"version": "1.10"
},
{
"model": "advan vd-1",
"scope": "lte",
"trust": 0.8,
"vendor": "androvideo",
"version": "230"
},
{
"model": "gv-vd8700",
"scope": null,
"trust": 0.8,
"vendor": "geovision",
"version": null
},
{
"model": "gv-vr360",
"scope": null,
"trust": 0.8,
"vendor": "geovision",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008721"
},
{
"db": "NVD",
"id": "CVE-2019-13407"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:androvideo:vd_1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "230",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:androvideo:vd_1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geovision:gv-vr360_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geovision:gv-vr360:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geovision:gv-vd8700_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.01",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geovision:gv-vd8700:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13407"
}
]
},
"cve": "CVE-2019-13407",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-13407",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-145250",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2019-13407",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-13407",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-2181",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-145250",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-145250"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008721"
},
{
"db": "NVD",
"id": "CVE-2019-13407"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2181"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A XSS found in Advan VD-1 firmware versions up to 230. VD-1 responses a path error message when a requested resource was not found in page cgibin/ssi.cgi. It leads to a reflected XSS because the error message does not escape properly. Advan VD-1 The firmware contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. AndroVideo Advan VD-1 is a security camera produced by AndroVideo Company in Taiwan, China. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13407"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008721"
},
{
"db": "VULHUB",
"id": "VHN-145250"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-13407",
"trust": 2.5
},
{
"db": "TWCERT",
"id": "TVN-201906008",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008721",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2181",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-145250",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-145250"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008721"
},
{
"db": "NVD",
"id": "CVE-2019-13407"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2181"
}
]
},
"id": "VAR-201908-0570",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-145250"
}
],
"trust": 0.8222222
},
"last_update_date": "2023-12-18T12:36:05.167000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.androvideo.com/"
},
{
"title": "GV-VR360",
"trust": 0.8,
"url": "http://www.geovision.com.tw/jp/product/gv-vr360"
},
{
"title": "GV-VD8700",
"trust": 0.8,
"url": "http://www.geovision.com.tw/jp/product/gv-vd8700"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008721"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-145250"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008721"
},
{
"db": "NVD",
"id": "CVE-2019-13407"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md"
},
{
"trust": 1.7,
"url": "http://surl.twcert.org.tw/sptwh"
},
{
"trust": 1.7,
"url": "https://tvn.twcert.org.tw/taiwanvn/tvn-201906008"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13407"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13407"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-145250"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008721"
},
{
"db": "NVD",
"id": "CVE-2019-13407"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2181"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-145250"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008721"
},
{
"db": "NVD",
"id": "CVE-2019-13407"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2181"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-145250"
},
{
"date": "2019-09-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008721"
},
{
"date": "2019-08-29T01:15:11.710000",
"db": "NVD",
"id": "CVE-2019-13407"
},
{
"date": "2019-08-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-2181"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-145250"
},
{
"date": "2019-09-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008721"
},
{
"date": "2019-10-09T23:46:27.500000",
"db": "NVD",
"id": "CVE-2019-13407"
},
{
"date": "2020-06-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-2181"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-2181"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Advan VD-1 Firmware cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008721"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-2181"
}
],
"trust": 0.6
}
}
VAR-201908-1826
Vulnerability from variot - Updated: 2023-12-18 12:36A vulnerability of remote credential disclosure was discovered in Advan VD-1 firmware versions up to 230. An attacker can export system configuration which is not encrypted to get the administrator’s account and password in plain text via cgibin/ExportSettings.cgi?Export=1 without any authentication. AndroVideo Advan VD-1 is a security camera from Taiwan's AndroVideo.
AndroVideo Advan VD-1 has a trust management issue vulnerability. AndroVideo Advan VD-1 is a security camera produced by AndroVideo Company in Taiwan, China. to attack affected components
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201908-1826",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gv-vd8700",
"scope": "lte",
"trust": 1.0,
"vendor": "geovision",
"version": "1.01"
},
{
"model": "vd 1",
"scope": "lte",
"trust": 1.0,
"vendor": "androvideo",
"version": "230"
},
{
"model": "gv-vr360",
"scope": "lte",
"trust": 1.0,
"vendor": "geovision",
"version": "1.10"
},
{
"model": "advan vd-1",
"scope": "lte",
"trust": 0.8,
"vendor": "androvideo",
"version": "230"
},
{
"model": "gv-vd8700",
"scope": null,
"trust": 0.8,
"vendor": "geovision",
"version": null
},
{
"model": "gv-vr360",
"scope": null,
"trust": 0.8,
"vendor": "geovision",
"version": null
},
{
"model": "advan vd-1",
"scope": "lte",
"trust": 0.6,
"vendor": "androvideo",
"version": "\u003c=230"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34625"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008724"
},
{
"db": "NVD",
"id": "CVE-2019-11064"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:androvideo:vd_1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "230",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:androvideo:vd_1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geovision:gv-vr360_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geovision:gv-vr360:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:geovision:gv-vd8700_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.01",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:geovision:gv-vd8700:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-11064"
}
]
},
"cve": "CVE-2019-11064",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-11064",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-34625",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-142673",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-11064",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-11064",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-11064",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-34625",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-2174",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-142673",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-11064",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34625"
},
{
"db": "VULHUB",
"id": "VHN-142673"
},
{
"db": "VULMON",
"id": "CVE-2019-11064"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008724"
},
{
"db": "NVD",
"id": "CVE-2019-11064"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2174"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability of remote credential disclosure was discovered in Advan VD-1 firmware versions up to 230. An attacker can export system configuration which is not encrypted to get the administrator\u2019s account and password in plain text via cgibin/ExportSettings.cgi?Export=1 without any authentication. AndroVideo Advan VD-1 is a security camera from Taiwan\u0027s AndroVideo. \n\nAndroVideo Advan VD-1 has a trust management issue vulnerability. AndroVideo Advan VD-1 is a security camera produced by AndroVideo Company in Taiwan, China. to attack affected components",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-11064"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008724"
},
{
"db": "CNVD",
"id": "CNVD-2019-34625"
},
{
"db": "VULHUB",
"id": "VHN-142673"
},
{
"db": "VULMON",
"id": "CVE-2019-11064"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-11064",
"trust": 3.2
},
{
"db": "TWCERT",
"id": "TVN-201906005",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008724",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2174",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-34625",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-142673",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-11064",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34625"
},
{
"db": "VULHUB",
"id": "VHN-142673"
},
{
"db": "VULMON",
"id": "CVE-2019-11064"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008724"
},
{
"db": "NVD",
"id": "CVE-2019-11064"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2174"
}
]
},
"id": "VAR-201908-1826",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34625"
},
{
"db": "VULHUB",
"id": "VHN-142673"
}
],
"trust": 1.4222222
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34625"
}
]
},
"last_update_date": "2023-12-18T12:36:03.498000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.androvideo.com/"
},
{
"title": "GV-VR360",
"trust": 0.8,
"url": "http://www.geovision.com.tw/jp/product/gv-vr360"
},
{
"title": "GV-VD8700",
"trust": 0.8,
"url": "http://www.geovision.com.tw/jp/product/gv-vd8700"
},
{
"title": "Patch for AndroVideo Advan VD-1 Trust Management Issue Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/183549"
},
{
"title": "AndroVideo Advan VD-1 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=97657"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34625"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008724"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2174"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.1
},
{
"problemtype": "CWE-255",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142673"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008724"
},
{
"db": "NVD",
"id": "CVE-2019-11064"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11064"
},
{
"trust": 1.8,
"url": "http://surl.twcert.org.tw/gcdqn"
},
{
"trust": 1.8,
"url": "https://tvn.twcert.org.tw/taiwanvn/tvn-201906005"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11064"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-34625"
},
{
"db": "VULHUB",
"id": "VHN-142673"
},
{
"db": "VULMON",
"id": "CVE-2019-11064"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008724"
},
{
"db": "NVD",
"id": "CVE-2019-11064"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2174"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-34625"
},
{
"db": "VULHUB",
"id": "VHN-142673"
},
{
"db": "VULMON",
"id": "CVE-2019-11064"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008724"
},
{
"db": "NVD",
"id": "CVE-2019-11064"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2174"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34625"
},
{
"date": "2019-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-142673"
},
{
"date": "2019-08-29T00:00:00",
"db": "VULMON",
"id": "CVE-2019-11064"
},
{
"date": "2019-09-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008724"
},
{
"date": "2019-08-29T01:15:11.087000",
"db": "NVD",
"id": "CVE-2019-11064"
},
{
"date": "2019-08-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-2174"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-34625"
},
{
"date": "2020-10-02T00:00:00",
"db": "VULHUB",
"id": "VHN-142673"
},
{
"date": "2020-10-02T00:00:00",
"db": "VULMON",
"id": "CVE-2019-11064"
},
{
"date": "2019-09-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008724"
},
{
"date": "2020-10-02T15:27:36.407000",
"db": "NVD",
"id": "CVE-2019-11064"
},
{
"date": "2020-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-2174"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-2174"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Advan VD-1 Firmware vulnerabilities related to certificate and password management",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008724"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-2174"
}
],
"trust": 0.6
}
}
VAR-201802-1412
Vulnerability from variot - Updated: 2022-05-04 09:33Geovision is a Taiwan-based company that specializes in digital security surveillance systems, providing core applications such as image capture, image analysis, image compression, and image processing to provide customers with smart applications and best-in-class monitoring solutions. The GV-BX1500 and GV-MFD1501 are two cameras from Geovision. The GeovisionIP camera device has leaked configuration information, username and password to modify admin privileges, and remote command execution vulnerabilities. The attacker can use the vulnerability to obtain all the configuration information of the device, obtain and modify the original account information and execute the command remotely, and successfully getshell.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201802-1412",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gv-bx1500",
"scope": null,
"trust": 0.6,
"vendor": "geovision",
"version": null
},
{
"model": "gv-mfd1501",
"scope": null,
"trust": 0.6,
"vendor": "geovision",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03053"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-03053",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2018-03053",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03053"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Geovision is a Taiwan-based company that specializes in digital security surveillance systems, providing core applications such as image capture, image analysis, image compression, and image processing to provide customers with smart applications and best-in-class monitoring solutions. The GV-BX1500 and GV-MFD1501 are two cameras from Geovision. The GeovisionIP camera device has leaked configuration information, username and password to modify admin privileges, and remote command execution vulnerabilities. The attacker can use the vulnerability to obtain all the configuration information of the device, obtain and modify the original account information and execute the command remotely, and successfully getshell.",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03053"
}
],
"trust": 0.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-03053",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03053"
}
]
},
"id": "VAR-201802-1412",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03053"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03053"
}
]
},
"last_update_date": "2022-05-04T09:33:54.240000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GeovisionIP camera device has multiple patches for remote vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/116075"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03053"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "https://github.com/mcw0/poc/blob/master/geovision%20ip%20camera%20multiple"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03053"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-03053"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-03053"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-03053"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple remote vulnerabilities in Geovision IP camera devices",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03053"
}
],
"trust": 0.6
}
}