Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for geovision_gv-as210_firmware by usavisionsys

    CVE-2020-3929 (GCVE-0-2020-3929)

    Vulnerability from nvd – Published: 2020-06-12 08:25 – Updated: 2024-09-17 02:26
    VLAI
    Title
    GeoVision Door Access Control Device - Shared cryptographic keys
    Summary
    GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct MITM attack with the derived keys and plaintext recover of encrypted messages.
    CWE
    • Shared cryptographic keys
    Assigner
    References
    Impacted products
    Vendor Product Version
    GeoVision Door Access Control Device Affected: GV-AS210 , ≤ 2.21 (custom)
    Affected: GV-AS410 , ≤ 2.21 (custom)
    Affected: GV-AS810 , ≤ 2.21 (custom)
    Affected: GV-GF192x , ≤ 1.10 (custom)
    Affected: GV-AS1010 , ≤ 1.32 (custom)
    Create a notification for this product.
    Date Public
    2020-06-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T07:52:19.823Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-3696-6601c-1.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Door Access Control Device",
              "vendor": "GeoVision",
              "versions": [
                {
                  "lessThanOrEqual": "2.21",
                  "status": "affected",
                  "version": "GV-AS210",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "2.21",
                  "status": "affected",
                  "version": "GV-AS410",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "2.21",
                  "status": "affected",
                  "version": "GV-AS810",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.10",
                  "status": "affected",
                  "version": "GV-GF192x",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.32",
                  "status": "affected",
                  "version": "GV-AS1010",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-06-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct MITM attack with the derived keys and plaintext recover of encrypted messages."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Shared cryptographic keys",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-06-12T08:25:23.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-3696-6601c-1.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to version 2.22 in GV-AS210\nUpdate to version 2.22 in GV-AS410\nUpdate to version 2.22 in GV-AS810\nUpdate to version 1.22 in GV-GF192x\nUpdate to version 1.33 in GV-AS1010"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "GeoVision Door Access Control Device - Shared cryptographic keys",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "TWCERT/CC",
              "ASSIGNER": "cve@cert.org.tw",
              "DATE_PUBLIC": "2020-06-12T08:00:00.000Z",
              "ID": "CVE-2020-3929",
              "STATE": "PUBLIC",
              "TITLE": "GeoVision Door Access Control Device - Shared cryptographic keys"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Door Access Control Device",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "GV-AS210",
                                "version_value": "2.21"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "GV-AS410",
                                "version_value": "2.21"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "GV-AS810",
                                "version_value": "2.21"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "GV-GF192x",
                                "version_value": "1.10"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "GV-AS1010",
                                "version_value": "1.32"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "GeoVision"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct MITM attack with the derived keys and plaintext recover of encrypted messages."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Shared cryptographic keys"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.twcert.org.tw/tw/cp-132-3696-6601c-1.html",
                  "refsource": "MISC",
                  "url": "https://www.twcert.org.tw/tw/cp-132-3696-6601c-1.html"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to version 2.22 in GV-AS210\nUpdate to version 2.22 in GV-AS410\nUpdate to version 2.22 in GV-AS810\nUpdate to version 1.22 in GV-GF192x\nUpdate to version 1.33 in GV-AS1010"
              }
            ],
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2020-3929",
        "datePublished": "2020-06-12T08:25:23.476Z",
        "dateReserved": "2019-12-20T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:26:42.600Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-3928 (GCVE-0-2020-3928)

    Vulnerability from nvd – Published: 2020-06-12 08:25 – Updated: 2024-09-17 01:21
    VLAI
    Title
    GeoVision Door Access Control Device - Hardcoded privileged password
    Summary
    GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices.
    CWE
    • Hardcoded privileged password
    Assigner
    References
    Impacted products
    Vendor Product Version
    GeoVision Door Access Control Device Affected: GV-AS210 , ≤ 2.21 (custom)
    Affected: GV-AS410 , ≤ 2.21 (custom)
    Affected: GV-AS810 , ≤ 2.21 (custom)
    Affected: GV-GF192x , ≤ 1.10 (custom)
    Affected: GV-AS1010 , ≤ 1.32 (custom)
    Create a notification for this product.
    Date Public
    2020-06-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T07:52:19.776Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Door Access Control Device",
              "vendor": "GeoVision",
              "versions": [
                {
                  "lessThanOrEqual": "2.21",
                  "status": "affected",
                  "version": "GV-AS210",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "2.21",
                  "status": "affected",
                  "version": "GV-AS410",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "2.21",
                  "status": "affected",
                  "version": "GV-AS810",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.10",
                  "status": "affected",
                  "version": "GV-GF192x",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.32",
                  "status": "affected",
                  "version": "GV-AS1010",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-06-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Hardcoded privileged password",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-06-12T08:25:22.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to version 2.22 in GV-AS210\nUpdate to version 2.22 in GV-AS410\nUpdate to version 2.22 in GV-AS810\nUpdate to version 1.22 in GV-GF192x\nUpdate to version 1.33 in GV-AS1010"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "GeoVision Door Access Control Device - Hardcoded privileged password",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "TWCERT/CC",
              "ASSIGNER": "cve@cert.org.tw",
              "DATE_PUBLIC": "2020-06-12T08:00:00.000Z",
              "ID": "CVE-2020-3928",
              "STATE": "PUBLIC",
              "TITLE": "GeoVision Door Access Control Device - Hardcoded privileged password"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Door Access Control Device",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "GV-AS210",
                                "version_value": "2.21"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "GV-AS410",
                                "version_value": "2.21"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "GV-AS810",
                                "version_value": "2.21"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "GV-GF192x",
                                "version_value": "1.10"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "GV-AS1010",
                                "version_value": "1.32"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "GeoVision"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Hardcoded privileged password"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html",
                  "refsource": "MISC",
                  "url": "https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to version 2.22 in GV-AS210\nUpdate to version 2.22 in GV-AS410\nUpdate to version 2.22 in GV-AS810\nUpdate to version 1.22 in GV-GF192x\nUpdate to version 1.33 in GV-AS1010"
              }
            ],
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2020-3928",
        "datePublished": "2020-06-12T08:25:23.055Z",
        "dateReserved": "2019-12-20T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:21:32.177Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-3929 (GCVE-0-2020-3929)

    Vulnerability from cvelistv5 – Published: 2020-06-12 08:25 – Updated: 2024-09-17 02:26
    VLAI
    Title
    GeoVision Door Access Control Device - Shared cryptographic keys
    Summary
    GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct MITM attack with the derived keys and plaintext recover of encrypted messages.
    CWE
    • Shared cryptographic keys
    Assigner
    References
    Impacted products
    Vendor Product Version
    GeoVision Door Access Control Device Affected: GV-AS210 , ≤ 2.21 (custom)
    Affected: GV-AS410 , ≤ 2.21 (custom)
    Affected: GV-AS810 , ≤ 2.21 (custom)
    Affected: GV-GF192x , ≤ 1.10 (custom)
    Affected: GV-AS1010 , ≤ 1.32 (custom)
    Create a notification for this product.
    Date Public
    2020-06-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T07:52:19.823Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-3696-6601c-1.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Door Access Control Device",
              "vendor": "GeoVision",
              "versions": [
                {
                  "lessThanOrEqual": "2.21",
                  "status": "affected",
                  "version": "GV-AS210",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "2.21",
                  "status": "affected",
                  "version": "GV-AS410",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "2.21",
                  "status": "affected",
                  "version": "GV-AS810",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.10",
                  "status": "affected",
                  "version": "GV-GF192x",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.32",
                  "status": "affected",
                  "version": "GV-AS1010",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-06-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct MITM attack with the derived keys and plaintext recover of encrypted messages."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Shared cryptographic keys",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-06-12T08:25:23.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-3696-6601c-1.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to version 2.22 in GV-AS210\nUpdate to version 2.22 in GV-AS410\nUpdate to version 2.22 in GV-AS810\nUpdate to version 1.22 in GV-GF192x\nUpdate to version 1.33 in GV-AS1010"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "GeoVision Door Access Control Device - Shared cryptographic keys",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "TWCERT/CC",
              "ASSIGNER": "cve@cert.org.tw",
              "DATE_PUBLIC": "2020-06-12T08:00:00.000Z",
              "ID": "CVE-2020-3929",
              "STATE": "PUBLIC",
              "TITLE": "GeoVision Door Access Control Device - Shared cryptographic keys"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Door Access Control Device",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "GV-AS210",
                                "version_value": "2.21"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "GV-AS410",
                                "version_value": "2.21"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "GV-AS810",
                                "version_value": "2.21"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "GV-GF192x",
                                "version_value": "1.10"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "GV-AS1010",
                                "version_value": "1.32"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "GeoVision"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct MITM attack with the derived keys and plaintext recover of encrypted messages."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Shared cryptographic keys"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.twcert.org.tw/tw/cp-132-3696-6601c-1.html",
                  "refsource": "MISC",
                  "url": "https://www.twcert.org.tw/tw/cp-132-3696-6601c-1.html"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to version 2.22 in GV-AS210\nUpdate to version 2.22 in GV-AS410\nUpdate to version 2.22 in GV-AS810\nUpdate to version 1.22 in GV-GF192x\nUpdate to version 1.33 in GV-AS1010"
              }
            ],
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2020-3929",
        "datePublished": "2020-06-12T08:25:23.476Z",
        "dateReserved": "2019-12-20T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:26:42.600Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-3928 (GCVE-0-2020-3928)

    Vulnerability from cvelistv5 – Published: 2020-06-12 08:25 – Updated: 2024-09-17 01:21
    VLAI
    Title
    GeoVision Door Access Control Device - Hardcoded privileged password
    Summary
    GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices.
    CWE
    • Hardcoded privileged password
    Assigner
    References
    Impacted products
    Vendor Product Version
    GeoVision Door Access Control Device Affected: GV-AS210 , ≤ 2.21 (custom)
    Affected: GV-AS410 , ≤ 2.21 (custom)
    Affected: GV-AS810 , ≤ 2.21 (custom)
    Affected: GV-GF192x , ≤ 1.10 (custom)
    Affected: GV-AS1010 , ≤ 1.32 (custom)
    Create a notification for this product.
    Date Public
    2020-06-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T07:52:19.776Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Door Access Control Device",
              "vendor": "GeoVision",
              "versions": [
                {
                  "lessThanOrEqual": "2.21",
                  "status": "affected",
                  "version": "GV-AS210",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "2.21",
                  "status": "affected",
                  "version": "GV-AS410",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "2.21",
                  "status": "affected",
                  "version": "GV-AS810",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.10",
                  "status": "affected",
                  "version": "GV-GF192x",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "1.32",
                  "status": "affected",
                  "version": "GV-AS1010",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-06-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Hardcoded privileged password",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-06-12T08:25:22.000Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to version 2.22 in GV-AS210\nUpdate to version 2.22 in GV-AS410\nUpdate to version 2.22 in GV-AS810\nUpdate to version 1.22 in GV-GF192x\nUpdate to version 1.33 in GV-AS1010"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "GeoVision Door Access Control Device - Hardcoded privileged password",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "AKA": "TWCERT/CC",
              "ASSIGNER": "cve@cert.org.tw",
              "DATE_PUBLIC": "2020-06-12T08:00:00.000Z",
              "ID": "CVE-2020-3928",
              "STATE": "PUBLIC",
              "TITLE": "GeoVision Door Access Control Device - Hardcoded privileged password"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Door Access Control Device",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "GV-AS210",
                                "version_value": "2.21"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "GV-AS410",
                                "version_value": "2.21"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "GV-AS810",
                                "version_value": "2.21"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "GV-GF192x",
                                "version_value": "1.10"
                              },
                              {
                                "version_affected": "\u003c=",
                                "version_name": "GV-AS1010",
                                "version_value": "1.32"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "GeoVision"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Hardcoded privileged password"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html",
                  "refsource": "MISC",
                  "url": "https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to version 2.22 in GV-AS210\nUpdate to version 2.22 in GV-AS410\nUpdate to version 2.22 in GV-AS810\nUpdate to version 1.22 in GV-GF192x\nUpdate to version 1.33 in GV-AS1010"
              }
            ],
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2020-3928",
        "datePublished": "2020-06-12T08:25:23.055Z",
        "dateReserved": "2019-12-20T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:21:32.177Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }