go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

GeoVision Door Access Control Device - Shared cryptographic keys

TVN ID TVN-201912006
CVE ID CVE-2020-3929
CVSS 5.9 (Medium)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products GV-AS210 version prior to 2.21, GV-AS410 version prior to 2.21, GV-AS810 version prior to 2.21, GV-GF192x version prior to 1.10, and GV-AS1010 version prior to 1.32
Description GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct MITM attack with the derived keys and plaintext recover of encrypted messages.
Solution Update to version 2.22 in GV-AS210, version 2.22 in GV-AS410, version 2.22 in GV-AS810, version 1.22 in GV-GF192x, version 1.33 in GV-AS1010
Credit Acronis
Public Date 2020-06-12

Links

  1. CVE-2020-3929
  2. Backdoor wide open: critical vulnerabilities uncovered in GeoVision
Top