Search criteria
17 vulnerabilities by GeoVision
CVE-2024-12553 (GCVE-0-2024-12553)
Vulnerability from cvelistv5 – Published: 2024-12-13 22:34 – Updated: 2024-12-16 17:55
VLAI?
Title
GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability
Summary
GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of GeoVision GV-ASManager. Although authentication is required to exploit this vulnerability, default guest credentials may be used.
The specific flaw exists within the GV-ASWeb service. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-25394.
Severity ?
6.5 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GeoVision | GV-ASManager |
Affected:
6.1.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12553",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-16T17:55:15.097729Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-16T17:55:27.880Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "GV-ASManager",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "6.1.0"
}
]
}
],
"dateAssigned": "2024-12-11T15:53:45.854-06:00",
"datePublic": "2024-12-12T13:31:55.073-06:00",
"descriptions": [
{
"lang": "en",
"value": "GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of GeoVision GV-ASManager. Although authentication is required to exploit this vulnerability, default guest credentials may be used.\n\nThe specific flaw exists within the GV-ASWeb service. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-25394."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-13T22:34:23.601Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1682",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1682/"
}
],
"source": {
"lang": "en",
"value": "Angela"
},
"title": "GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-12553",
"datePublished": "2024-12-13T22:34:23.601Z",
"dateReserved": "2024-12-11T21:53:45.864Z",
"dateUpdated": "2024-12-16T17:55:27.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11120 (GCVE-0-2024-11120)
Vulnerability from cvelistv5 – Published: 2024-11-15 02:00 – Updated: 2025-10-21 22:55 Unsupported When Assigned X_Known Exploited Vulnerability
VLAI?
Title
GeoVision EOL devices - OS Command Injection
Summary
Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports.
Severity ?
9.8 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:geovision:gv-vs12_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gv-vs12_firmware",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:geovision:gv-vs11_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gv-vs11_firmware",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:geovision:gv-dsp_lpr_v3_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gv-dsp_lpr_v3_firmware",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:geovision:gvlx_4_v2_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gvlx_4_v2_firmware",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:geovision:gvlx_4_v3_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gvlx_4_v3_firmware",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11120",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-07T17:12:05.450406Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-05-07",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-11120"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:36.559Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"url": "https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnet"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-11120"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-07T00:00:00+00:00",
"value": "CVE-2024-11120 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GV-VS12",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GV-VS11",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GV-DSP_LPR_V3",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GVLX 4 V2",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GVLX 4 V3",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"datePublic": "2024-11-15T01:56:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports."
}
],
"value": "Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T02:00:27.361Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-8236-d4836-1.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/en/cp-139-8237-26d7a-2.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u0026nbsp; The affected devices are no longer being maintained. It is recommended to replace them.\u003cbr\u003e"
}
],
"value": "The affected devices are no longer being maintained. It is recommended to replace them."
}
],
"source": {
"advisory": "TVN-202411014",
"discovery": "EXTERNAL"
},
"tags": [
"unsupported-when-assigned",
"x_known-exploited-vulnerability"
],
"title": "GeoVision EOL devices - OS Command Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2024-11120",
"datePublished": "2024-11-15T02:00:27.361Z",
"dateReserved": "2024-11-12T06:23:33.571Z",
"dateUpdated": "2025-10-21T22:55:36.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6047 (GCVE-0-2024-6047)
Vulnerability from cvelistv5 – Published: 2024-06-17 05:48 – Updated: 2025-10-21 22:56 Unsupported When Assigned
VLAI?
Title
GeoVision EOL device - OS Command Injection
Summary
Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.
Severity ?
9.8 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| GeoVision | GV_DSP_LPR_V2 |
Affected:
all
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:geovision:gv-dsp_lpr_v2:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gv-dsp_lpr_v2",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:geovision:gv-bx1500:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gv-bx1500",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:geovision:gv-cb220:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gv-cb220",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:geovision:gv-ebl1100:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gv-ebl1100",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:geovision:gv-efd1100:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gv-efd1100",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:geovision:gv-fd2410:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gv-fd2410",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:geovision:gv-fd3400:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gv-fd3400",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:geovision:gv-fd3401:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gv-fd3401",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:geovision:gv-fe420:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gv-fe420",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:geovision:gv-vs14:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gv-vs14",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:geovision:gv-vs03:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gv-vs03",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:geovision:gv-vs2410:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gv-vs2410",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:geovision:gv-vs04a:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gv-vs04a",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:geovision:gv-vs04h:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gv-vs04h",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:geovision:gv-lx_4_v2:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gv-lx_4_v2",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:geovision:gv-lx_4_v3:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gv-lx_4_v3",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:geovision:gv-vs28xx:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gv-vs28xx",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:geovision:gv-vs216xx:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gv-vs216xx",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6047",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-07T17:12:10.191958Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-05-07",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-6047"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:56:21.904Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"url": "https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnet"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-6047"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-07T00:00:00+00:00",
"value": "CVE-2024-6047 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:25:03.254Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GV_DSP_LPR_V2",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GV_IPCAMD_GV_BX1500",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GV_IPCAMD_GV_CB220",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GV_IPCAMD_GV_EBL1100",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GV_IPCAMD_GV_EFD1100",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GV_IPCAMD_GV_FD2410",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GV_IPCAMD_GV_FD3400",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GV_IPCAMD_GV_FE3401",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GV_IPCAMD_GV_FE420",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GV-VS14_VS14",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GV_VS03",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GV_VS2410",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GV_VS28XX",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GV_VS216XX",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GV VS04A",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GV VS04H",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GVLX 4 V2",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GVLX 4 V3",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GV_IPCAMD_GV_BX130",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GV_GM8186_VS14",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
],
"datePublic": "2024-06-17T05:48:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device."
}
],
"value": "Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T07:33:54.631Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "All affected products are no longer in surport. Please retire or replace them."
}
],
"value": "All affected products are no longer in surport. Please retire or replace them."
}
],
"source": {
"advisory": "TVN-202406015",
"discovery": "EXTERNAL"
},
"tags": [
"unsupported-when-assigned"
],
"title": "GeoVision EOL device - OS Command Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2024-6047",
"datePublished": "2024-06-17T05:48:42.779Z",
"dateReserved": "2024-06-17T02:00:24.960Z",
"dateUpdated": "2025-10-21T22:56:21.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46070 (GCVE-0-2022-46070)
Vulnerability from cvelistv5 – Published: 2024-03-11 00:00 – Updated: 2025-04-16 15:48
VLAI?
Summary
GV-ASManager V6.0.1.0 contains a Local File Inclusion vulnerability in GeoWebServer via Path.
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:gv_asmanager:gv_asmanager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gv_asmanager",
"vendor": "gv_asmanager",
"versions": [
{
"status": "affected",
"version": "v6.0.1.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-46070",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-12T17:26:49.618903Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T15:48:41.105Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:24:03.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://s3.amazonaws.com/geovision_downloads/TechNotice/CyberSecurity/Security_Advistory_ASManager-ASM-2022-11.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GV-ASManager V6.0.1.0 contains a Local File Inclusion vulnerability in GeoWebServer via Path."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-11T21:36:58.997Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://s3.amazonaws.com/geovision_downloads/TechNotice/CyberSecurity/Security_Advistory_ASManager-ASM-2022-11.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-46070",
"datePublished": "2024-03-11T00:00:00.000Z",
"dateReserved": "2022-11-28T00:00:00.000Z",
"dateUpdated": "2025-04-16T15:48:41.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3638 (GCVE-0-2023-3638)
Vulnerability from cvelistv5 – Published: 2023-07-19 14:22 – Updated: 2025-01-16 21:31
VLAI?
Title
GeoVision GV-ADR2701 Improper Authentication
Summary
In GeoVision GV-ADR2701 cameras, an attacker could edit the login response to access the web application.
Severity ?
9.8 (Critical)
CWE
- CWE-287 - Improper Authentication
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GeoVision | GV-ADR2701 |
Affected:
1.00_2017_12_15
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:01:57.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-05"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3638",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:23:13.718169Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:31:09.285Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GV-ADR2701",
"vendor": "GeoVision ",
"versions": [
{
"status": "affected",
"version": "1.00_2017_12_15"
}
]
}
],
"datePublic": "2023-07-18T14:19:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nIn GeoVision GV-ADR2701 cameras, an attacker could edit the login response to access the web application.\n\n"
}
],
"value": "In GeoVision GV-ADR2701 cameras, an attacker could edit the login response to access the web application.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-19T14:22:13.198Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-05"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nGeoVision recommends that users of these devices upgrade to newer models\n with the latest firmware update which they have verified are not \nvulnerable to this issue such as TDR2704, TDR2702, or TDR2700. \nAlternatively, users could restrict connection of these cameras to \nclosed local area networks isolated from internet connection.\n\n\u003cbr\u003e"
}
],
"value": "GeoVision recommends that users of these devices upgrade to newer models\n with the latest firmware update which they have verified are not \nvulnerable to this issue such as TDR2704, TDR2702, or TDR2700. \nAlternatively, users could restrict connection of these cameras to \nclosed local area networks isolated from internet connection.\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GeoVision GV-ADR2701 Improper Authentication",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-3638",
"datePublished": "2023-07-19T14:22:13.198Z",
"dateReserved": "2023-07-12T13:56:15.455Z",
"dateUpdated": "2025-01-16T21:31:09.285Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-23059 (GCVE-0-2023-23059)
Vulnerability from cvelistv5 – Published: 2023-05-04 00:00 – Updated: 2025-01-29 20:54
VLAI?
Summary
An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 for windows, which contains improper permissions within the default installation and allows attackers to execute arbitrary code and gain escalated privileges.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:28:39.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://geovision.com"
},
{
"tags": [
"x_transferred"
],
"url": "http://gv-edge.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/172141/GV-Edge-Recording-Manager-2.2.3.0-Privilege-Escalation.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-23059",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T20:53:53.403632Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-29T20:54:00.590Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 for windows, which contains improper permissions within the default installation and allows attackers to execute arbitrary code and gain escalated privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-04T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://geovision.com"
},
{
"url": "http://gv-edge.com"
},
{
"url": "https://packetstormsecurity.com/files/172141/GV-Edge-Recording-Manager-2.2.3.0-Privilege-Escalation.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-23059",
"datePublished": "2023-05-04T00:00:00.000Z",
"dateReserved": "2023-01-11T00:00:00.000Z",
"dateUpdated": "2025-01-29T20:54:00.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3931 (GCVE-0-2020-3931)
Vulnerability from cvelistv5 – Published: 2020-07-08 10:05 – Updated: 2024-09-16 17:23
VLAI?
Title
GeoVision Door Access Control Device - Buffer overflow vulnerability
Summary
Buffer overflow exists in Geovision Door Access Control device family, an unauthenticated remote attacker can execute arbitrary command.
Severity ?
9.8 (Critical)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GeoVision | Door Access Control Device |
Affected:
GV-AS210 , ≤ 2.21
(custom)
Affected: GV-AS410 , ≤ 2.21 (custom) Affected: GV-AS810 , ≤ 2.21 (custom) Affected: GV-GF192x , ≤ 1.10 (custom) Affected: GV-AS1010 , ≤ 1.32 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3754-b77d0-1.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.acronis.com/en-us/blog/posts/backdoor-wide-open-critical-vulnerabilities-uncovered-geovision"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Door Access Control Device",
"vendor": "GeoVision",
"versions": [
{
"lessThanOrEqual": "2.21",
"status": "affected",
"version": "GV-AS210",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.21",
"status": "affected",
"version": "GV-AS410",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.21",
"status": "affected",
"version": "GV-AS810",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.10",
"status": "affected",
"version": "GV-GF192x",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.32",
"status": "affected",
"version": "GV-AS1010",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow exists in Geovision Door Access Control device family, an unauthenticated remote attacker can execute arbitrary command."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-08T10:05:20",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3754-b77d0-1.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.acronis.com/en-us/blog/posts/backdoor-wide-open-critical-vulnerabilities-uncovered-geovision"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 2.22 in GV-AS210, \nUpdate to version 2.22 in GV-AS410, \nUpdate to version 2.22 in GV-AS810,\nUpdate to version 1.22 in GV-GF192x, \nUpdate to version 1.33 in GV-AS1010"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GeoVision Door Access Control Device - Buffer overflow vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-07-08T10:00:00.000Z",
"ID": "CVE-2020-3931",
"STATE": "PUBLIC",
"TITLE": "GeoVision Door Access Control Device - Buffer overflow vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Door Access Control Device",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "GV-AS210",
"version_value": "2.21"
},
{
"version_affected": "\u003c=",
"version_name": "GV-AS410",
"version_value": "2.21"
},
{
"version_affected": "\u003c=",
"version_name": "GV-AS810",
"version_value": "2.21"
},
{
"version_affected": "\u003c=",
"version_name": "GV-GF192x",
"version_value": "1.10"
},
{
"version_affected": "\u003c=",
"version_name": "GV-AS1010",
"version_value": "1.32"
}
]
}
}
]
},
"vendor_name": "GeoVision"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow exists in Geovision Door Access Control device family, an unauthenticated remote attacker can execute arbitrary command."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-3754-b77d0-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-3754-b77d0-1.html"
},
{
"name": "https://www.acronis.com/en-us/blog/posts/backdoor-wide-open-critical-vulnerabilities-uncovered-geovision",
"refsource": "MISC",
"url": "https://www.acronis.com/en-us/blog/posts/backdoor-wide-open-critical-vulnerabilities-uncovered-geovision"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 2.22 in GV-AS210, \nUpdate to version 2.22 in GV-AS410, \nUpdate to version 2.22 in GV-AS810,\nUpdate to version 1.22 in GV-GF192x, \nUpdate to version 1.33 in GV-AS1010"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-3931",
"datePublished": "2020-07-08T10:05:21.030166Z",
"dateReserved": "2019-12-20T00:00:00",
"dateUpdated": "2024-09-16T17:23:37.841Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3928 (GCVE-0-2020-3928)
Vulnerability from cvelistv5 – Published: 2020-06-12 08:25 – Updated: 2024-09-17 01:21
VLAI?
Title
GeoVision Door Access Control Device - Hardcoded privileged password
Summary
GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices.
Severity ?
6.2 (Medium)
CWE
- Hardcoded privileged password
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GeoVision | Door Access Control Device |
Affected:
GV-AS210 , ≤ 2.21
(custom)
Affected: GV-AS410 , ≤ 2.21 (custom) Affected: GV-AS810 , ≤ 2.21 (custom) Affected: GV-GF192x , ≤ 1.10 (custom) Affected: GV-AS1010 , ≤ 1.32 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:19.776Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Door Access Control Device",
"vendor": "GeoVision",
"versions": [
{
"lessThanOrEqual": "2.21",
"status": "affected",
"version": "GV-AS210",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.21",
"status": "affected",
"version": "GV-AS410",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.21",
"status": "affected",
"version": "GV-AS810",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.10",
"status": "affected",
"version": "GV-GF192x",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.32",
"status": "affected",
"version": "GV-AS1010",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-06-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Hardcoded privileged password",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-12T08:25:22",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 2.22 in GV-AS210\nUpdate to version 2.22 in GV-AS410\nUpdate to version 2.22 in GV-AS810\nUpdate to version 1.22 in GV-GF192x\nUpdate to version 1.33 in GV-AS1010"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GeoVision Door Access Control Device - Hardcoded privileged password",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-06-12T08:00:00.000Z",
"ID": "CVE-2020-3928",
"STATE": "PUBLIC",
"TITLE": "GeoVision Door Access Control Device - Hardcoded privileged password"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Door Access Control Device",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "GV-AS210",
"version_value": "2.21"
},
{
"version_affected": "\u003c=",
"version_name": "GV-AS410",
"version_value": "2.21"
},
{
"version_affected": "\u003c=",
"version_name": "GV-AS810",
"version_value": "2.21"
},
{
"version_affected": "\u003c=",
"version_name": "GV-GF192x",
"version_value": "1.10"
},
{
"version_affected": "\u003c=",
"version_name": "GV-AS1010",
"version_value": "1.32"
}
]
}
}
]
},
"vendor_name": "GeoVision"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Hardcoded privileged password"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 2.22 in GV-AS210\nUpdate to version 2.22 in GV-AS410\nUpdate to version 2.22 in GV-AS810\nUpdate to version 1.22 in GV-GF192x\nUpdate to version 1.33 in GV-AS1010"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-3928",
"datePublished": "2020-06-12T08:25:23.055079Z",
"dateReserved": "2019-12-20T00:00:00",
"dateUpdated": "2024-09-17T01:21:32.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3929 (GCVE-0-2020-3929)
Vulnerability from cvelistv5 – Published: 2020-06-12 08:25 – Updated: 2024-09-17 02:26
VLAI?
Title
GeoVision Door Access Control Device - Shared cryptographic keys
Summary
GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct MITM attack with the derived keys and plaintext recover of encrypted messages.
Severity ?
5.9 (Medium)
CWE
- Shared cryptographic keys
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GeoVision | Door Access Control Device |
Affected:
GV-AS210 , ≤ 2.21
(custom)
Affected: GV-AS410 , ≤ 2.21 (custom) Affected: GV-AS810 , ≤ 2.21 (custom) Affected: GV-GF192x , ≤ 1.10 (custom) Affected: GV-AS1010 , ≤ 1.32 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:19.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3696-6601c-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Door Access Control Device",
"vendor": "GeoVision",
"versions": [
{
"lessThanOrEqual": "2.21",
"status": "affected",
"version": "GV-AS210",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.21",
"status": "affected",
"version": "GV-AS410",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.21",
"status": "affected",
"version": "GV-AS810",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.10",
"status": "affected",
"version": "GV-GF192x",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.32",
"status": "affected",
"version": "GV-AS1010",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-06-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct MITM attack with the derived keys and plaintext recover of encrypted messages."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Shared cryptographic keys",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-12T08:25:23",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3696-6601c-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 2.22 in GV-AS210\nUpdate to version 2.22 in GV-AS410\nUpdate to version 2.22 in GV-AS810\nUpdate to version 1.22 in GV-GF192x\nUpdate to version 1.33 in GV-AS1010"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GeoVision Door Access Control Device - Shared cryptographic keys",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-06-12T08:00:00.000Z",
"ID": "CVE-2020-3929",
"STATE": "PUBLIC",
"TITLE": "GeoVision Door Access Control Device - Shared cryptographic keys"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Door Access Control Device",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "GV-AS210",
"version_value": "2.21"
},
{
"version_affected": "\u003c=",
"version_name": "GV-AS410",
"version_value": "2.21"
},
{
"version_affected": "\u003c=",
"version_name": "GV-AS810",
"version_value": "2.21"
},
{
"version_affected": "\u003c=",
"version_name": "GV-GF192x",
"version_value": "1.10"
},
{
"version_affected": "\u003c=",
"version_name": "GV-AS1010",
"version_value": "1.32"
}
]
}
}
]
},
"vendor_name": "GeoVision"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct MITM attack with the derived keys and plaintext recover of encrypted messages."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Shared cryptographic keys"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-3696-6601c-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-3696-6601c-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 2.22 in GV-AS210\nUpdate to version 2.22 in GV-AS410\nUpdate to version 2.22 in GV-AS810\nUpdate to version 1.22 in GV-GF192x\nUpdate to version 1.33 in GV-AS1010"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-3929",
"datePublished": "2020-06-12T08:25:23.476254Z",
"dateReserved": "2019-12-20T00:00:00",
"dateUpdated": "2024-09-17T02:26:42.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3930 (GCVE-0-2020-3930)
Vulnerability from cvelistv5 – Published: 2020-06-12 08:25 – Updated: 2024-09-16 16:57
VLAI?
Title
GeoVision Door Access Control Device - Information disclosure vulnerability
Summary
GeoVision Door Access Control device family improperly stores and controls access to system logs, any users can read these logs.
Severity ?
4 (Medium)
CWE
- Information disclosure vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GeoVision | Door Access Control Device |
Affected:
GV-GF192x , ≤ 1.10
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3697-780d0-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Door Access Control Device",
"vendor": "GeoVision",
"versions": [
{
"lessThanOrEqual": "1.10",
"status": "affected",
"version": "GV-GF192x",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-06-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GeoVision Door Access Control device family improperly stores and controls access to system logs, any users can read these logs."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-12T08:25:23",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3697-780d0-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 1.22 in GV-GF192x"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GeoVision Door Access Control Device - Information disclosure vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-06-12T08:00:00.000Z",
"ID": "CVE-2020-3930",
"STATE": "PUBLIC",
"TITLE": "GeoVision Door Access Control Device - Information disclosure vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Door Access Control Device",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "GV-GF192x",
"version_value": "1.10"
}
]
}
}
]
},
"vendor_name": "GeoVision"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GeoVision Door Access Control device family improperly stores and controls access to system logs, any users can read these logs."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-3697-780d0-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-3697-780d0-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 1.22 in GV-GF192x"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-3930",
"datePublished": "2020-06-12T08:25:23.937925Z",
"dateReserved": "2019-12-20T00:00:00",
"dateUpdated": "2024-09-16T16:57:40.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-5087 (GCVE-0-2009-5087)
Vulnerability from cvelistv5 – Published: 2011-09-09 23:00 – Updated: 2024-08-07 07:24
VLAI?
Summary
Directory traversal vulnerability in geohttpserver in Geovision Digital Video Surveillance System 8.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:54.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "8372",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/8372"
},
{
"name": "8041",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/8041"
},
{
"name": "geovision-dvss-dir-traversal(48674)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48674"
},
{
"name": "33735",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33735"
},
{
"name": "20090211 Directory traversal vulnerability in Geovision Digital Video Surveillance System (geohttpserver)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/500858/100/0/threaded"
},
{
"name": "51886",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/51886"
},
{
"name": "33924",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33924"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-02-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in geohttpserver in Geovision Digital Video Surveillance System 8.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "8372",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/8372"
},
{
"name": "8041",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/8041"
},
{
"name": "geovision-dvss-dir-traversal(48674)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48674"
},
{
"name": "33735",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33735"
},
{
"name": "20090211 Directory traversal vulnerability in Geovision Digital Video Surveillance System (geohttpserver)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/500858/100/0/threaded"
},
{
"name": "51886",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/51886"
},
{
"name": "33924",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33924"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5087",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in geohttpserver in Geovision Digital Video Surveillance System 8.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8372",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8372"
},
{
"name": "8041",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/8041"
},
{
"name": "geovision-dvss-dir-traversal(48674)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48674"
},
{
"name": "33735",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33735"
},
{
"name": "20090211 Directory traversal vulnerability in Geovision Digital Video Surveillance System (geohttpserver)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500858/100/0/threaded"
},
{
"name": "51886",
"refsource": "OSVDB",
"url": "http://osvdb.org/51886"
},
{
"name": "33924",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33924"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-5087",
"datePublished": "2011-09-09T23:00:00",
"dateReserved": "2011-09-09T00:00:00",
"dateUpdated": "2024-08-07T07:24:54.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1092 (GCVE-0-2009-1092)
Vulnerability from cvelistv5 – Published: 2009-03-25 18:00 – Updated: 2024-08-07 04:57
VLAI?
Summary
Use-after-free vulnerability in the LIVEAUDIO.LiveAudioCtrl.1 ActiveX control in LIVEAU~1.OCX 7.0 for GeoVision DVR systems allows remote attackers to execute arbitrary code by calling the GetAudioPlayingTime method with certain arguments.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:57:17.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "geovision-liveaudio-activex-dos(49238)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49238"
},
{
"name": "34115",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34115"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/9sg_geovision_liveaudio_freedmem.html"
},
{
"name": "8206",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/8206"
},
{
"name": "20090313 GeoVision LiveAudio ActiveX Control GetAudioPlayingTime() remote freed-memory access exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/501773/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in the LIVEAUDIO.LiveAudioCtrl.1 ActiveX control in LIVEAU~1.OCX 7.0 for GeoVision DVR systems allows remote attackers to execute arbitrary code by calling the GetAudioPlayingTime method with certain arguments."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "geovision-liveaudio-activex-dos(49238)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49238"
},
{
"name": "34115",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34115"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/9sg_geovision_liveaudio_freedmem.html"
},
{
"name": "8206",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/8206"
},
{
"name": "20090313 GeoVision LiveAudio ActiveX Control GetAudioPlayingTime() remote freed-memory access exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/501773/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1092",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the LIVEAUDIO.LiveAudioCtrl.1 ActiveX control in LIVEAU~1.OCX 7.0 for GeoVision DVR systems allows remote attackers to execute arbitrary code by calling the GetAudioPlayingTime method with certain arguments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "geovision-liveaudio-activex-dos(49238)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49238"
},
{
"name": "34115",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34115"
},
{
"name": "http://retrogod.altervista.org/9sg_geovision_liveaudio_freedmem.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/9sg_geovision_liveaudio_freedmem.html"
},
{
"name": "8206",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8206"
},
{
"name": "20090313 GeoVision LiveAudio ActiveX Control GetAudioPlayingTime() remote freed-memory access exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/501773/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1092",
"datePublished": "2009-03-25T18:00:00",
"dateReserved": "2009-03-25T00:00:00",
"dateUpdated": "2024-08-07T04:57:17.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0865 (GCVE-0-2009-0865)
Vulnerability from cvelistv5 – Published: 2009-03-10 14:00 – Updated: 2024-08-07 04:48
VLAI?
Summary
Directory traversal vulnerability in the SnapShotToFile method in the GeoVision LiveX (aka LiveX_v8200) ActiveX control 8.1.2 and 8.2.0 in LIVEX_~1.OCX allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument, possibly involving the PlayX and SnapShotX methods.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:48:52.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "geovision-livex-activex-file-overwrite(48773)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48773"
},
{
"name": "8059",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/8059"
},
{
"name": "33969",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33969"
},
{
"name": "33782",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33782"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-02-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the SnapShotToFile method in the GeoVision LiveX (aka LiveX_v8200) ActiveX control 8.1.2 and 8.2.0 in LIVEX_~1.OCX allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument, possibly involving the PlayX and SnapShotX methods."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "geovision-livex-activex-file-overwrite(48773)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48773"
},
{
"name": "8059",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/8059"
},
{
"name": "33969",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33969"
},
{
"name": "33782",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33782"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0865",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the SnapShotToFile method in the GeoVision LiveX (aka LiveX_v8200) ActiveX control 8.1.2 and 8.2.0 in LIVEX_~1.OCX allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument, possibly involving the PlayX and SnapShotX methods."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "geovision-livex-activex-file-overwrite(48773)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48773"
},
{
"name": "8059",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8059"
},
{
"name": "33969",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33969"
},
{
"name": "33782",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33782"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0865",
"datePublished": "2009-03-10T14:00:00",
"dateReserved": "2009-03-10T00:00:00",
"dateUpdated": "2024-08-07T04:48:52.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2100 (GCVE-0-2004-2100)
Vulnerability from cvelistv5 – Published: 2005-05-27 04:00 – Updated: 2024-08-08 01:15
VLAI?
Summary
GeoHttpServer, when configured to authenticate users, allows remote attackers to bypass authentication and access unauthorized files via a URL that contains %0a%0a (encoded newlines).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:15:01.332Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040122 GeoHttpServer Authentification Bypass Vulnerability \u0026 D.O.S (Denial Of Service)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107480261825214\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-01-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GeoHttpServer, when configured to authenticate users, allows remote attackers to bypass authentication and access unauthorized files via a URL that contains %0a%0a (encoded newlines)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040122 GeoHttpServer Authentification Bypass Vulnerability \u0026 D.O.S (Denial Of Service)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107480261825214\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GeoHttpServer, when configured to authenticate users, allows remote attackers to bypass authentication and access unauthorized files via a URL that contains %0a%0a (encoded newlines)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040122 GeoHttpServer Authentification Bypass Vulnerability \u0026 D.O.S (Denial Of Service)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107480261825214\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2100",
"datePublished": "2005-05-27T04:00:00",
"dateReserved": "2005-05-27T00:00:00",
"dateUpdated": "2024-08-08T01:15:01.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2101 (GCVE-0-2004-2101)
Vulnerability from cvelistv5 – Published: 2005-05-27 04:00 – Updated: 2024-08-08 01:15
VLAI?
Summary
The sysinfo script in GeoHttpServer allows remote attackers to cause a denial of service (crash) via a long pwd parameter, possibly triggering a buffer overflow.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:15:01.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "geohttpserver-long-password-bo(14913)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14913"
},
{
"name": "1008807",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1008807"
},
{
"name": "20040122 GeoHttpServer Authentification Bypass Vulnerability \u0026 D.O.S (Denial Of Service)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107480261825214\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-01-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The sysinfo script in GeoHttpServer allows remote attackers to cause a denial of service (crash) via a long pwd parameter, possibly triggering a buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "geohttpserver-long-password-bo(14913)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14913"
},
{
"name": "1008807",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1008807"
},
{
"name": "20040122 GeoHttpServer Authentification Bypass Vulnerability \u0026 D.O.S (Denial Of Service)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107480261825214\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2101",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The sysinfo script in GeoHttpServer allows remote attackers to cause a denial of service (crash) via a long pwd parameter, possibly triggering a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "geohttpserver-long-password-bo(14913)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14913"
},
{
"name": "1008807",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1008807"
},
{
"name": "20040122 GeoHttpServer Authentification Bypass Vulnerability \u0026 D.O.S (Denial Of Service)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107480261825214\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2101",
"datePublished": "2005-05-27T04:00:00",
"dateReserved": "2005-05-27T00:00:00",
"dateUpdated": "2024-08-08T01:15:01.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1553 (GCVE-0-2005-1553)
Vulnerability from cvelistv5 – Published: 2005-05-14 04:00 – Updated: 2024-08-07 21:51
VLAI?
Summary
GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0 uses a weak encryption scheme to encrypt passwords, which allows remote attackers to obtain the password via sniffing.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:51:50.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "geovision-authentication-plaintext(20538)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20538"
},
{
"name": "16341",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/16341"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.esqo.com/research/advisories/2005/100505-1.txt"
},
{
"name": "20050510 Esqo advisory: GeoVision Digital Video Surveillance System - Multiple authentication issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111574131105737\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0 uses a weak encryption scheme to encrypt passwords, which allows remote attackers to obtain the password via sniffing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "geovision-authentication-plaintext(20538)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20538"
},
{
"name": "16341",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/16341"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.esqo.com/research/advisories/2005/100505-1.txt"
},
{
"name": "20050510 Esqo advisory: GeoVision Digital Video Surveillance System - Multiple authentication issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111574131105737\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1553",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0 uses a weak encryption scheme to encrypt passwords, which allows remote attackers to obtain the password via sniffing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "geovision-authentication-plaintext(20538)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20538"
},
{
"name": "16341",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16341"
},
{
"name": "http://www.esqo.com/research/advisories/2005/100505-1.txt",
"refsource": "MISC",
"url": "http://www.esqo.com/research/advisories/2005/100505-1.txt"
},
{
"name": "20050510 Esqo advisory: GeoVision Digital Video Surveillance System - Multiple authentication issues",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111574131105737\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1553",
"datePublished": "2005-05-14T04:00:00",
"dateReserved": "2005-05-14T00:00:00",
"dateUpdated": "2024-08-07T21:51:50.308Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1552 (GCVE-0-2005-1552)
Vulnerability from cvelistv5 – Published: 2005-05-14 04:00 – Updated: 2024-08-07 21:51
VLAI?
Summary
GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0, when set to create JPEG images, does not properly protect an image even when a password and username is assigned, which may allow remote attackers to gain sensitive information via a direct request to the image.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:51:50.395Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "16340",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/16340"
},
{
"name": "15330",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15330"
},
{
"name": "13571",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13571"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.esqo.com/research/advisories/2005/100505-1.txt"
},
{
"name": "20050510 Esqo advisory: GeoVision Digital Video Surveillance System - Multiple authentication issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111574131105737\u0026w=2"
},
{
"name": "geovision-authentication(20537)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20537"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0, when set to create JPEG images, does not properly protect an image even when a password and username is assigned, which may allow remote attackers to gain sensitive information via a direct request to the image."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "16340",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/16340"
},
{
"name": "15330",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15330"
},
{
"name": "13571",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13571"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.esqo.com/research/advisories/2005/100505-1.txt"
},
{
"name": "20050510 Esqo advisory: GeoVision Digital Video Surveillance System - Multiple authentication issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111574131105737\u0026w=2"
},
{
"name": "geovision-authentication(20537)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20537"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1552",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0, when set to create JPEG images, does not properly protect an image even when a password and username is assigned, which may allow remote attackers to gain sensitive information via a direct request to the image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16340",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16340"
},
{
"name": "15330",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15330"
},
{
"name": "13571",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13571"
},
{
"name": "http://www.esqo.com/research/advisories/2005/100505-1.txt",
"refsource": "MISC",
"url": "http://www.esqo.com/research/advisories/2005/100505-1.txt"
},
{
"name": "20050510 Esqo advisory: GeoVision Digital Video Surveillance System - Multiple authentication issues",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111574131105737\u0026w=2"
},
{
"name": "geovision-authentication(20537)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20537"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1552",
"datePublished": "2005-05-14T04:00:00",
"dateReserved": "2005-05-14T00:00:00",
"dateUpdated": "2024-08-07T21:51:50.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}