Vulnerabilities > CVE-2019-11064 - Credentials Management vulnerability in multiple products

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

androvideo

geovision

CWE-255

NVD

Published: 2019-08-29

Updated: 2020-02-10

Summary

A vulnerability of remote credential disclosure was discovered in Advan VD-1 firmware versions up to 230. An attacker can export system configuration which is not encrypted to get the administrator’s account and password in plain text via cgibin/ExportSettings.cgi?Export=1 without any authentication.

Vulnerable Configurations

Part	Description	Count
OS	Androvideo Androvideo VD 1 Firmware *	1
OS	Geovision Geovision GV Vr360 Firmware * Geovision GV Vd8700 Firmware *	2
Hardware	Androvideo Androvideo VD 1 -	1
Hardware	Geovision Geovision GV Vr360 - Geovision GV Vd8700 -	2

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://surl.twcert.org.tw/gCDQN
https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md
https://tvn.twcert.org.tw/taiwanvn/TVN-201906005