CRITICAL🇵🇱 Wersja polska

CVE-2026-7161

CVSS 9.3v3.1pub. 2026-05-04upd. 2026-06-15

An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When interacting with various Geovision devices on the network, the utility may send privileged commands; in order to do so, the username and password of the device need to be provided. In some instances the command is broadcasted over UDP and the username/password are encrypted using a cryptographic protocol that appears to be derivated from Blowfish. However the symmetric key used for the encryption is also included in the packet, and thus the security of the username/password only relies on the "obscurity" of the encryption scheme. An attacker on the same LAN can listen to the broadcast traffic once an admin user interacts with the device, and decrypt the credentials using their own implementation of the algorithm. With this password the attacker would have full control over the device configuration, allowing them to change its ip address or even reset it to factory default.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H
  • Geovision Gv Ip Device Utility

    APP
    Geovision
    9.0.5
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-11120CRITICAL9.8⚠ KEVPL ✓ten sam vendor

OS Command Injection w urządzeniach GeoVision — zdalne wykonanie poleceń bez uwierzytelnienia

CVE-2024-6047CRITICAL9.8⚠ KEVPL ✓ten sam vendor

Command injection w urządzeniach GeoVision EOL — zdalne wykonanie poleceń

CVE-2026-42364CRITICAL9.9PL ✓ten sam vendor

Command injection w GeoVision LPC2011/LPC2211 via konfiguracja DDNS

CVE-2026-42368CRITICAL9.9PL ✓ten sam vendor

Privilege escalation w interfejsie Web GeoVision LPC2011/LPC2211

CVE-2026-42370CRITICAL9.0PL ✓ten sam vendor

Stack overflow w GeoVision GV-VMS — nieuwierzytelnione RCE przez WebCam Server