Lucene search

K

Geovision Security Vulnerabilities

cve
cve

CVE-2024-6047

Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the...

9.8CVSS

9.8AI Score

EPSS

2024-06-17 06:15 AM
2
cve
cve

CVE-2023-3638

In GeoVision GV-ADR2701 cameras, an attacker could edit the login response to access the web...

9.8CVSS

9.2AI Score

0.001EPSS

2023-07-19 03:15 PM
30
cve
cve

CVE-2023-23059

An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 for windows, which contains improper permissions within the default installation and allows attackers to execute arbitrary code and gain escalated...

9.8CVSS

9.7AI Score

0.007EPSS

2023-05-04 08:15 PM
22
cve
cve

CVE-2020-3931

Buffer overflow exists in Geovision Door Access Control device family, an unauthenticated remote attacker can execute arbitrary...

9.8CVSS

9.8AI Score

0.004EPSS

2020-07-08 10:15 AM
25
cve
cve

CVE-2020-3928

GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all...

9.8CVSS

9.5AI Score

0.003EPSS

2020-06-12 09:15 AM
24
cve
cve

CVE-2020-3930

GeoVision Door Access Control device family improperly stores and controls access to system logs, any users can read these...

4CVSS

5.3AI Score

0.0004EPSS

2020-06-12 09:15 AM
23
cve
cve

CVE-2020-3929

GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct MITM attack with the derived keys and plaintext recover of encrypted...

5.9CVSS

6.7AI Score

0.001EPSS

2020-06-12 09:15 AM
28
cve
cve

CVE-2019-11064

A vulnerability of remote credential disclosure was discovered in Advan VD-1 firmware versions up to 230. An attacker can export system configuration which is not encrypted to get the administrator’s account and password in plain text via cgibin/ExportSettings.cgi?Export=1 without any...

9.8CVSS

9.2AI Score

0.004EPSS

2019-08-29 01:15 AM
147
cve
cve

CVE-2019-13408

A relative path traversal vulnerability found in Advan VD-1 firmware versions up to 230. It allows attackers to download arbitrary files via url cgibin/ExportSettings.cgi?Download=filepath, without any...

7.5CVSS

7.5AI Score

0.003EPSS

2019-08-29 01:15 AM
141
cve
cve

CVE-2019-13407

A XSS found in Advan VD-1 firmware versions up to 230. VD-1 responses a path error message when a requested resource was not found in page cgibin/ssi.cgi. It leads to a reflected XSS because the error message does not escape...

6.1CVSS

5.9AI Score

0.001EPSS

2019-08-29 01:15 AM
144
cve
cve

CVE-2009-5087

Directory traversal vulnerability in geohttpserver in Geovision Digital Video Surveillance System 8.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET...

6.8AI Score

0.03EPSS

2011-09-12 12:40 PM
19
cve
cve

CVE-2009-1092

Use-after-free vulnerability in the LIVEAUDIO.LiveAudioCtrl.1 ActiveX control in LIVEAU~1.OCX 7.0 for GeoVision DVR systems allows remote attackers to execute arbitrary code by calling the GetAudioPlayingTime method with certain...

7.9AI Score

0.171EPSS

2009-03-25 06:30 PM
19
cve
cve

CVE-2009-0865

Directory traversal vulnerability in the SnapShotToFile method in the GeoVision LiveX (aka LiveX_v8200) ActiveX control 8.1.2 and 8.2.0 in LIVEX_~1.OCX allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument, possibly involving the PlayX and SnapShotX...

7.1AI Score

0.008EPSS

2009-03-10 02:30 PM
19
cve
cve

CVE-2004-2101

The sysinfo script in GeoHttpServer allows remote attackers to cause a denial of service (crash) via a long pwd parameter, possibly triggering a buffer...

7.2AI Score

0.009EPSS

2005-05-27 04:00 AM
26
cve
cve

CVE-2004-2100

GeoHttpServer, when configured to authenticate users, allows remote attackers to bypass authentication and access unauthorized files via a URL that contains %0a%0a (encoded...

7.3AI Score

0.006EPSS

2005-05-27 04:00 AM
29
cve
cve

CVE-2005-1553

GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0 uses a weak encryption scheme to encrypt passwords, which allows remote attackers to obtain the password via...

7.2AI Score

0.007EPSS

2005-05-14 04:00 AM
16
cve
cve

CVE-2005-1552

GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0, when set to create JPEG images, does not properly protect an image even when a password and username is assigned, which may allow remote attackers to gain sensitive information via a direct request to the...

6.7AI Score

0.029EPSS

2005-05-14 04:00 AM
20