2.2.26A77

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

servision

CWE-255

critical

NVD

Published: 2015-02-03

Updated: 2015-02-04

Summary

The web interface on SerVision HVG Video Gateway devices with firmware before 2.2.26a100 has a hardcoded administrative password, which makes it easier for remote attackers to obtain access via an HTTP session.

Vulnerable Configurations

Part	Description	Count
OS	Servision Servision HVG Video Gateway Firmware 2.2.26A77 Servision HVG Video Gateway Firmware 2.2.26A100	2
Hardware	Servision Servision Hvg400 -	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

Packetstorm

data source	https://packetstormsecurity.com/files/download/135707/servisionhvg-backdoor.txt
id	PACKETSTORM:135707
last seen	2016-12-05
published	2016-02-11
reporter	Richard Tafoya
source	https://packetstormsecurity.com/files/135707/Servision-HVG-Hardcoded-Credentials.html
title	Servision HVG Hardcoded Credentials

References

http://www.kb.cert.org/vuls/id/522460