go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

GeoVision Door Access Control Device - Hardcoded Privileged Password

TVN ID TVN-201912005
CVE ID CVE-2020-3928
CVSS 6.2 (Medium)
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products GV-AS210 version prior to 2.21, GV-AS410 version prior to 2.21, GV-AS810 version prior to 2.21, GV-GF192x version prior to 1.10, and GV-AS1010 version prior to 1.32
Description GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices.
Solution Update to version 2.22 in GV-AS210, version 2.22 in GV-AS410, version 2.22 in GV-AS810, version 1.22 in GV-GF192x, version 1.33 in GV-AS1010
Credit Acronis
Public Date 2020-06-12

Links

  1. CVE-2020-3928
  2. Backdoor wide open: critical vulnerabilities uncovered in GeoVision
Top