MidnightBSD

Advisories for usavisionsys

CVE-2020-3928 HIGH

GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
twcert@cert.org.tw 6.2 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 2.5 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-798,

Products Affected

Vendor Product Version
usavisionsys geovision_gv-gf192x_firmware *
usavisionsys geovision_gv-as810_firmware *
usavisionsys geovision_gv-as210_firmware *
usavisionsys geovision_gv-as410_firmware *
usavisionsys geovision_gv-as1010_firmware *
CVE-2020-3929 MEDIUM

GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct MITM attack with the derived keys and plaintext recover of encrypted messages.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
twcert@cert.org.tw 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-326,

Products Affected

Vendor Product Version
usavisionsys geovision_gv-gf192x_firmware *
usavisionsys geovision_gv-as810_firmware *
usavisionsys geovision_gv-as210_firmware *
usavisionsys geovision_gv-as410_firmware *
usavisionsys geovision_gv-as1010_firmware *