Search criteria
4 vulnerabilities found for geovision_gv-gf192x_firmware by usavisionsys
CVE-2020-3929 (GCVE-0-2020-3929)
Vulnerability from nvd – Published: 2020-06-12 08:25 – Updated: 2024-09-17 02:26
VLAI?
Title
GeoVision Door Access Control Device - Shared cryptographic keys
Summary
GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct MITM attack with the derived keys and plaintext recover of encrypted messages.
Severity ?
5.9 (Medium)
CWE
- Shared cryptographic keys
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GeoVision | Door Access Control Device |
Affected:
GV-AS210 , ≤ 2.21
(custom)
Affected: GV-AS410 , ≤ 2.21 (custom) Affected: GV-AS810 , ≤ 2.21 (custom) Affected: GV-GF192x , ≤ 1.10 (custom) Affected: GV-AS1010 , ≤ 1.32 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:19.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3696-6601c-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Door Access Control Device",
"vendor": "GeoVision",
"versions": [
{
"lessThanOrEqual": "2.21",
"status": "affected",
"version": "GV-AS210",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.21",
"status": "affected",
"version": "GV-AS410",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.21",
"status": "affected",
"version": "GV-AS810",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.10",
"status": "affected",
"version": "GV-GF192x",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.32",
"status": "affected",
"version": "GV-AS1010",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-06-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct MITM attack with the derived keys and plaintext recover of encrypted messages."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Shared cryptographic keys",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-12T08:25:23",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3696-6601c-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 2.22 in GV-AS210\nUpdate to version 2.22 in GV-AS410\nUpdate to version 2.22 in GV-AS810\nUpdate to version 1.22 in GV-GF192x\nUpdate to version 1.33 in GV-AS1010"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GeoVision Door Access Control Device - Shared cryptographic keys",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-06-12T08:00:00.000Z",
"ID": "CVE-2020-3929",
"STATE": "PUBLIC",
"TITLE": "GeoVision Door Access Control Device - Shared cryptographic keys"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Door Access Control Device",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "GV-AS210",
"version_value": "2.21"
},
{
"version_affected": "\u003c=",
"version_name": "GV-AS410",
"version_value": "2.21"
},
{
"version_affected": "\u003c=",
"version_name": "GV-AS810",
"version_value": "2.21"
},
{
"version_affected": "\u003c=",
"version_name": "GV-GF192x",
"version_value": "1.10"
},
{
"version_affected": "\u003c=",
"version_name": "GV-AS1010",
"version_value": "1.32"
}
]
}
}
]
},
"vendor_name": "GeoVision"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct MITM attack with the derived keys and plaintext recover of encrypted messages."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Shared cryptographic keys"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-3696-6601c-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-3696-6601c-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 2.22 in GV-AS210\nUpdate to version 2.22 in GV-AS410\nUpdate to version 2.22 in GV-AS810\nUpdate to version 1.22 in GV-GF192x\nUpdate to version 1.33 in GV-AS1010"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-3929",
"datePublished": "2020-06-12T08:25:23.476254Z",
"dateReserved": "2019-12-20T00:00:00",
"dateUpdated": "2024-09-17T02:26:42.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3928 (GCVE-0-2020-3928)
Vulnerability from nvd – Published: 2020-06-12 08:25 – Updated: 2024-09-17 01:21
VLAI?
Title
GeoVision Door Access Control Device - Hardcoded privileged password
Summary
GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices.
Severity ?
6.2 (Medium)
CWE
- Hardcoded privileged password
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GeoVision | Door Access Control Device |
Affected:
GV-AS210 , ≤ 2.21
(custom)
Affected: GV-AS410 , ≤ 2.21 (custom) Affected: GV-AS810 , ≤ 2.21 (custom) Affected: GV-GF192x , ≤ 1.10 (custom) Affected: GV-AS1010 , ≤ 1.32 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:19.776Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Door Access Control Device",
"vendor": "GeoVision",
"versions": [
{
"lessThanOrEqual": "2.21",
"status": "affected",
"version": "GV-AS210",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.21",
"status": "affected",
"version": "GV-AS410",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.21",
"status": "affected",
"version": "GV-AS810",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.10",
"status": "affected",
"version": "GV-GF192x",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.32",
"status": "affected",
"version": "GV-AS1010",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-06-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Hardcoded privileged password",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-12T08:25:22",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 2.22 in GV-AS210\nUpdate to version 2.22 in GV-AS410\nUpdate to version 2.22 in GV-AS810\nUpdate to version 1.22 in GV-GF192x\nUpdate to version 1.33 in GV-AS1010"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GeoVision Door Access Control Device - Hardcoded privileged password",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-06-12T08:00:00.000Z",
"ID": "CVE-2020-3928",
"STATE": "PUBLIC",
"TITLE": "GeoVision Door Access Control Device - Hardcoded privileged password"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Door Access Control Device",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "GV-AS210",
"version_value": "2.21"
},
{
"version_affected": "\u003c=",
"version_name": "GV-AS410",
"version_value": "2.21"
},
{
"version_affected": "\u003c=",
"version_name": "GV-AS810",
"version_value": "2.21"
},
{
"version_affected": "\u003c=",
"version_name": "GV-GF192x",
"version_value": "1.10"
},
{
"version_affected": "\u003c=",
"version_name": "GV-AS1010",
"version_value": "1.32"
}
]
}
}
]
},
"vendor_name": "GeoVision"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Hardcoded privileged password"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 2.22 in GV-AS210\nUpdate to version 2.22 in GV-AS410\nUpdate to version 2.22 in GV-AS810\nUpdate to version 1.22 in GV-GF192x\nUpdate to version 1.33 in GV-AS1010"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-3928",
"datePublished": "2020-06-12T08:25:23.055079Z",
"dateReserved": "2019-12-20T00:00:00",
"dateUpdated": "2024-09-17T01:21:32.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3929 (GCVE-0-2020-3929)
Vulnerability from cvelistv5 – Published: 2020-06-12 08:25 – Updated: 2024-09-17 02:26
VLAI?
Title
GeoVision Door Access Control Device - Shared cryptographic keys
Summary
GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct MITM attack with the derived keys and plaintext recover of encrypted messages.
Severity ?
5.9 (Medium)
CWE
- Shared cryptographic keys
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GeoVision | Door Access Control Device |
Affected:
GV-AS210 , ≤ 2.21
(custom)
Affected: GV-AS410 , ≤ 2.21 (custom) Affected: GV-AS810 , ≤ 2.21 (custom) Affected: GV-GF192x , ≤ 1.10 (custom) Affected: GV-AS1010 , ≤ 1.32 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:19.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3696-6601c-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Door Access Control Device",
"vendor": "GeoVision",
"versions": [
{
"lessThanOrEqual": "2.21",
"status": "affected",
"version": "GV-AS210",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.21",
"status": "affected",
"version": "GV-AS410",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.21",
"status": "affected",
"version": "GV-AS810",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.10",
"status": "affected",
"version": "GV-GF192x",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.32",
"status": "affected",
"version": "GV-AS1010",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-06-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct MITM attack with the derived keys and plaintext recover of encrypted messages."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Shared cryptographic keys",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-12T08:25:23",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3696-6601c-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 2.22 in GV-AS210\nUpdate to version 2.22 in GV-AS410\nUpdate to version 2.22 in GV-AS810\nUpdate to version 1.22 in GV-GF192x\nUpdate to version 1.33 in GV-AS1010"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GeoVision Door Access Control Device - Shared cryptographic keys",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-06-12T08:00:00.000Z",
"ID": "CVE-2020-3929",
"STATE": "PUBLIC",
"TITLE": "GeoVision Door Access Control Device - Shared cryptographic keys"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Door Access Control Device",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "GV-AS210",
"version_value": "2.21"
},
{
"version_affected": "\u003c=",
"version_name": "GV-AS410",
"version_value": "2.21"
},
{
"version_affected": "\u003c=",
"version_name": "GV-AS810",
"version_value": "2.21"
},
{
"version_affected": "\u003c=",
"version_name": "GV-GF192x",
"version_value": "1.10"
},
{
"version_affected": "\u003c=",
"version_name": "GV-AS1010",
"version_value": "1.32"
}
]
}
}
]
},
"vendor_name": "GeoVision"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct MITM attack with the derived keys and plaintext recover of encrypted messages."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Shared cryptographic keys"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-3696-6601c-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-3696-6601c-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 2.22 in GV-AS210\nUpdate to version 2.22 in GV-AS410\nUpdate to version 2.22 in GV-AS810\nUpdate to version 1.22 in GV-GF192x\nUpdate to version 1.33 in GV-AS1010"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-3929",
"datePublished": "2020-06-12T08:25:23.476254Z",
"dateReserved": "2019-12-20T00:00:00",
"dateUpdated": "2024-09-17T02:26:42.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3928 (GCVE-0-2020-3928)
Vulnerability from cvelistv5 – Published: 2020-06-12 08:25 – Updated: 2024-09-17 01:21
VLAI?
Title
GeoVision Door Access Control Device - Hardcoded privileged password
Summary
GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices.
Severity ?
6.2 (Medium)
CWE
- Hardcoded privileged password
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GeoVision | Door Access Control Device |
Affected:
GV-AS210 , ≤ 2.21
(custom)
Affected: GV-AS410 , ≤ 2.21 (custom) Affected: GV-AS810 , ≤ 2.21 (custom) Affected: GV-GF192x , ≤ 1.10 (custom) Affected: GV-AS1010 , ≤ 1.32 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:19.776Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Door Access Control Device",
"vendor": "GeoVision",
"versions": [
{
"lessThanOrEqual": "2.21",
"status": "affected",
"version": "GV-AS210",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.21",
"status": "affected",
"version": "GV-AS410",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.21",
"status": "affected",
"version": "GV-AS810",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.10",
"status": "affected",
"version": "GV-GF192x",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.32",
"status": "affected",
"version": "GV-AS1010",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-06-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Hardcoded privileged password",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-12T08:25:22",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 2.22 in GV-AS210\nUpdate to version 2.22 in GV-AS410\nUpdate to version 2.22 in GV-AS810\nUpdate to version 1.22 in GV-GF192x\nUpdate to version 1.33 in GV-AS1010"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GeoVision Door Access Control Device - Hardcoded privileged password",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-06-12T08:00:00.000Z",
"ID": "CVE-2020-3928",
"STATE": "PUBLIC",
"TITLE": "GeoVision Door Access Control Device - Hardcoded privileged password"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Door Access Control Device",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "GV-AS210",
"version_value": "2.21"
},
{
"version_affected": "\u003c=",
"version_name": "GV-AS410",
"version_value": "2.21"
},
{
"version_affected": "\u003c=",
"version_name": "GV-AS810",
"version_value": "2.21"
},
{
"version_affected": "\u003c=",
"version_name": "GV-GF192x",
"version_value": "1.10"
},
{
"version_affected": "\u003c=",
"version_name": "GV-AS1010",
"version_value": "1.32"
}
]
}
}
]
},
"vendor_name": "GeoVision"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Hardcoded privileged password"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 2.22 in GV-AS210\nUpdate to version 2.22 in GV-AS410\nUpdate to version 2.22 in GV-AS810\nUpdate to version 1.22 in GV-GF192x\nUpdate to version 1.33 in GV-AS1010"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-3928",
"datePublished": "2020-06-12T08:25:23.055079Z",
"dateReserved": "2019-12-20T00:00:00",
"dateUpdated": "2024-09-17T01:21:32.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}