Vulnerability CVE-2019-11064
Published: 2019-08-28   Modified: 2019-08-29

Description:
A vulnerability of remote credential disclosure was discovered in Advan VD-1 firmware versions up to 230. An attacker can export system configuration which is not encrypted to get the administrator?s account and password in plain text via cgibin/ExportSettings.cgi?Export=1 without any authentication.

Type:

CWE-255

 (Credentials Management)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Geovision -> Gv-vd8700 firmware 
Geovision -> Gv-vr360 firmware 
Androvideo -> Vd 1 firmware 

 References:
http://surl.twcert.org.tw/gCDQN
https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md
https://tvn.twcert.org.tw/taiwanvn/TVN-201906005
Copyright 2024, cxsecurity.com

 

Back to Top