CVE-2020-3928

GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices.

CVSS v3 6.2 MEDIUM
CVSS v2.0 10.0 HIGH

6.2^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html	Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:usavisionsys:geovision_gv-as210_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:usavisionsys:geovision_gv-as210:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:usavisionsys:geovision_gv-as410_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:usavisionsys:geovision_gv-as410:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:usavisionsys:geovision_gv-as810_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:usavisionsys:geovision_gv-as810:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:usavisionsys:geovision_gv-as1010_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:usavisionsys:geovision_gv-as1010:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:usavisionsys:geovision_gv-gf192x_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:usavisionsys:geovision_gv-gf192x:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:31

Type	Values Removed	Values Added
CVSS	v2 : ~~10.0~~ v3 : ~~9.8~~	v2 : 10.0 v3 : 6.2
References	~~() https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html - Third Party Advisory~~	() https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html - Third Party Advisory

Information

Published : 2020-06-12 09:15

Updated : 2024-11-21 05:31

NVD link : CVE-2020-3928

Mitre link : CVE-2020-3928

CVE.ORG link : CVE-2020-3928

JSON object : View

Products Affected

usavisionsys

geovision_gv-as210_firmware
geovision_gv-as1010
geovision_gv-as210
geovision_gv-gf192x_firmware
geovision_gv-as810
geovision_gv-as410
geovision_gv-as410_firmware
geovision_gv-as810_firmware
geovision_gv-as1010_firmware
geovision_gv-gf192x

CWE

CWE-798

Use of Hard-coded Credentials

6.2 /10