Vulnerabilities > CVE-2005-1552 - Unspecified vulnerability in Geovision Digital Surveillance System 6.0.4/6.1/7.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0, when set to create JPEG images, does not properly protect an image even when a password and username is assigned, which may allow remote attackers to gain sensitive information via a direct request to the image.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Hardware | 3 |
Nessus
| NASL family | Web Servers |
| NASL id | GEOHTTPSERVER_UNAUTHORIZED_IMAGE_ACCESS.NASL |
| description | The GeoVision Digital Surveillance System installed on the remote host suffers from a vulnerability that enables anyone to bypass authentication and view JPEG images stored on the server by calling them directly. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 18220 |
| published | 2005-05-10 |
| reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/18220 |
| title | GeoHttpServer Unauthorized Image Access Vulnerability |