Lucene search

[email protected]NVD:CVE-2020-3928

HistoryJun 12, 2020 - 9:15 a.m.

CVE-2020-3928

2020-06-1209:15:10

CWE-798

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

66.2%

JSON

GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices.

Affected configurations

Nvd

Node

usavisionsysgeovision_gv-as210_firmwareRange<2.21

AND

usavisionsysgeovision_gv-as210Match-

Node

usavisionsysgeovision_gv-as410_firmwareRange<2.21

AND

usavisionsysgeovision_gv-as410Match-

Node

usavisionsysgeovision_gv-as810_firmwareRange<2.21

AND

usavisionsysgeovision_gv-as810Match-

Node

usavisionsysgeovision_gv-as1010_firmwareRange<1.32

AND

usavisionsysgeovision_gv-as1010Match-

Node

usavisionsysgeovision_gv-gf192x_firmwareRange<1.10

AND

usavisionsysgeovision_gv-gf192xMatch-

VendorProductVersionCPE
usavisionsysgeovision_gv-as210_firmware*cpe:2.3:o:usavisionsys:geovision_gv-as210_firmware:*:*:*:*:*:*:*:*
usavisionsysgeovision_gv-as210-cpe:2.3:h:usavisionsys:geovision_gv-as210:-:*:*:*:*:*:*:*
usavisionsysgeovision_gv-as410_firmware*cpe:2.3:o:usavisionsys:geovision_gv-as410_firmware:*:*:*:*:*:*:*:*
usavisionsysgeovision_gv-as410-cpe:2.3:h:usavisionsys:geovision_gv-as410:-:*:*:*:*:*:*:*
usavisionsysgeovision_gv-as810_firmware*cpe:2.3:o:usavisionsys:geovision_gv-as810_firmware:*:*:*:*:*:*:*:*
usavisionsysgeovision_gv-as810-cpe:2.3:h:usavisionsys:geovision_gv-as810:-:*:*:*:*:*:*:*
usavisionsysgeovision_gv-as1010_firmware*cpe:2.3:o:usavisionsys:geovision_gv-as1010_firmware:*:*:*:*:*:*:*:*
usavisionsysgeovision_gv-as1010-cpe:2.3:h:usavisionsys:geovision_gv-as1010:-:*:*:*:*:*:*:*
usavisionsysgeovision_gv-gf192x_firmware*cpe:2.3:o:usavisionsys:geovision_gv-gf192x_firmware:*:*:*:*:*:*:*:*
usavisionsysgeovision_gv-gf192x-cpe:2.3:h:usavisionsys:geovision_gv-gf192x:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
usavisionsys	geovision_gv-as210_firmware	*	cpe:2.3:o:usavisionsys:geovision_gv-as210_firmware::::::::
usavisionsys	geovision_gv-as210	-	cpe:2.3:h:usavisionsys:geovision_gv-as210:-:::::::*
usavisionsys	geovision_gv-as410_firmware	*	cpe:2.3:o:usavisionsys:geovision_gv-as410_firmware::::::::
usavisionsys	geovision_gv-as410	-	cpe:2.3:h:usavisionsys:geovision_gv-as410:-:::::::*
usavisionsys	geovision_gv-as810_firmware	*	cpe:2.3:o:usavisionsys:geovision_gv-as810_firmware::::::::
usavisionsys	geovision_gv-as810	-	cpe:2.3:h:usavisionsys:geovision_gv-as810:-:::::::*
usavisionsys	geovision_gv-as1010_firmware	*	cpe:2.3:o:usavisionsys:geovision_gv-as1010_firmware::::::::
usavisionsys	geovision_gv-as1010	-	cpe:2.3:h:usavisionsys:geovision_gv-as1010:-:::::::*
usavisionsys	geovision_gv-gf192x_firmware	*	cpe:2.3:o:usavisionsys:geovision_gv-gf192x_firmware::::::::
usavisionsys	geovision_gv-gf192x	-	cpe:2.3:h:usavisionsys:geovision_gv-gf192x:-:::::::*

References

www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

66.2%

JSON

Related for NVD:CVE-2020-3928

prion1 cve1 cvelist1 thn1