Vulnerabilities (CVE)

Filtered by vendor Geovision Subscribe
Total 15 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-11120 1 Geovision 8 Gv-dsp Lpr, Gv-dsp Lpr Firmware, Gv-vs11 and 5 more 2024-12-05 N/A 9.8 CRITICAL
Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports.
CVE-2023-3638 1 Geovision 2 Gv-adr2701, Gv-adr2701 Firmware 2024-11-21 N/A 9.8 CRITICAL
In GeoVision GV-ADR2701 cameras, an attacker could edit the login response to access the web application.
CVE-2023-23059 1 Geovision 1 Gv-edge Recording Manager 2024-11-21 N/A 9.8 CRITICAL
An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 for windows, which contains improper permissions within the default installation and allows attackers to execute arbitrary code and gain escalated privileges.
CVE-2020-3931 1 Geovision 12 Gv-as1010, Gv-as1010 Firmware, Gv-as210 and 9 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
Buffer overflow exists in Geovision Door Access Control device family, an unauthenticated remote attacker can execute arbitrary command.
CVE-2020-3930 1 Geovision 2 Gv-gf192x, Gv-gf192x Firmware 2024-11-21 2.1 LOW 4.0 MEDIUM
GeoVision Door Access Control device family improperly stores and controls access to system logs, any users can read these logs.
CVE-2019-13408 2 Androvideo, Geovision 6 Vd 1, Vd 1 Firmware, Gv-vd8700 and 3 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
A relative path traversal vulnerability found in Advan VD-1 firmware versions up to 230. It allows attackers to download arbitrary files via url cgibin/ExportSettings.cgi?Download=filepath, without any authentication.
CVE-2019-13407 2 Androvideo, Geovision 6 Vd 1, Vd 1 Firmware, Gv-vd8700 and 3 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A XSS found in Advan VD-1 firmware versions up to 230. VD-1 responses a path error message when a requested resource was not found in page cgibin/ssi.cgi. It leads to a reflected XSS because the error message does not escape properly.
CVE-2019-11064 2 Androvideo, Geovision 6 Vd 1, Vd 1 Firmware, Gv-vd8700 and 3 more 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
A vulnerability of remote credential disclosure was discovered in Advan VD-1 firmware versions up to 230. An attacker can export system configuration which is not encrypted to get the administrator’s account and password in plain text via cgibin/ExportSettings.cgi?Export=1 without any authentication.
CVE-2009-5087 1 Geovision 1 Digital Surveillance System 2024-11-21 5.0 MEDIUM N/A
Directory traversal vulnerability in geohttpserver in Geovision Digital Video Surveillance System 8.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET request.
CVE-2009-1092 1 Geovision 1 Liveaudio Activex Control 2024-11-21 9.3 HIGH N/A
Use-after-free vulnerability in the LIVEAUDIO.LiveAudioCtrl.1 ActiveX control in LIVEAU~1.OCX 7.0 for GeoVision DVR systems allows remote attackers to execute arbitrary code by calling the GetAudioPlayingTime method with certain arguments.
CVE-2009-0865 1 Geovision 1 Livex Activex Control 2024-11-21 8.8 HIGH N/A
Directory traversal vulnerability in the SnapShotToFile method in the GeoVision LiveX (aka LiveX_v8200) ActiveX control 8.1.2 and 8.2.0 in LIVEX_~1.OCX allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument, possibly involving the PlayX and SnapShotX methods.
CVE-2005-1553 1 Geovision 1 Digital Surveillance System 2024-11-20 7.5 HIGH N/A
GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0 uses a weak encryption scheme to encrypt passwords, which allows remote attackers to obtain the password via sniffing.
CVE-2005-1552 1 Geovision 1 Digital Surveillance System 2024-11-20 5.0 MEDIUM N/A
GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0, when set to create JPEG images, does not properly protect an image even when a password and username is assigned, which may allow remote attackers to gain sensitive information via a direct request to the image.
CVE-2004-2101 1 Geovision 1 Geohttpserver 2024-11-20 5.0 MEDIUM N/A
The sysinfo script in GeoHttpServer allows remote attackers to cause a denial of service (crash) via a long pwd parameter, possibly triggering a buffer overflow.
CVE-2004-2100 1 Geovision 1 Geohttpserver 2024-11-20 5.0 MEDIUM N/A
GeoHttpServer, when configured to authenticate users, allows remote attackers to bypass authentication and access unauthorized files via a URL that contains %0a%0a (encoded newlines).