Critical Bugs and Backdoor Found in GeoVision's Fingerprint and Card Scanners
2020-06-25 03:15

GeoVision, a Taiwanese manufacturer of video surveillance systems and IP cameras, recently patched three of the four critical flaws impacting its card and fingerprint scanners that could have allowed attackers to intercept network traffic and stage man-in-the-middle attacks.

The first issue concerns a previously undocumented root password that gives an attacker backdoor access: by simply using the default password, the attacker can remotely log in to the vulnerable device.

Lastly, there exists a buffer overflow vulnerability in the firmware impacting GeoVision's fingerprint readers that allows attackers to run unauthorized code on the devices.

Without disclosing technical information on the fourth critical remote code execution flaw that the company left unpatched, we can mention that it could let attackers leverage a vulnerable parameter to overwrite memory structures responsible for memory management.

"It's quite surreal seeing some vendors not rushing to fix critical vulnerabilities - in addition to the low quality of the initial source code, the presence of back doors is concerning. It shows that IoT security is flawed, and each company must understand that using such devices can leave them exposed to prolonged unmitigated risks."


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/pEaEvtxl_Vw/geovision-scanner-vulnerabilities.html