Vulnerabilities (CVE)

Filtered by vendor Geovision Subscribe
Total 14 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-3638 1 Geovision 2 Gv-adr2701, Gv-adr2701 Firmware 2024-11-21 N/A 9.8 CRITICAL
In GeoVision GV-ADR2701 cameras, an attacker could edit the login response to access the web application.
CVE-2023-23059 1 Geovision 1 Gv-edge Recording Manager 2024-11-21 N/A 9.8 CRITICAL
An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 for windows, which contains improper permissions within the default installation and allows attackers to execute arbitrary code and gain escalated privileges.
CVE-2020-3931 1 Geovision 12 Gv-as1010, Gv-as1010 Firmware, Gv-as210 and 9 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
Buffer overflow exists in Geovision Door Access Control device family, an unauthenticated remote attacker can execute arbitrary command.
CVE-2020-3930 1 Geovision 2 Gv-gf192x, Gv-gf192x Firmware 2024-11-21 2.1 LOW 4.0 MEDIUM
GeoVision Door Access Control device family improperly stores and controls access to system logs, any users can read these logs.
CVE-2019-13408 2 Androvideo, Geovision 6 Vd 1, Vd 1 Firmware, Gv-vd8700 and 3 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
A relative path traversal vulnerability found in Advan VD-1 firmware versions up to 230. It allows attackers to download arbitrary files via url cgibin/ExportSettings.cgi?Download=filepath, without any authentication.
CVE-2019-13407 2 Androvideo, Geovision 6 Vd 1, Vd 1 Firmware, Gv-vd8700 and 3 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A XSS found in Advan VD-1 firmware versions up to 230. VD-1 responses a path error message when a requested resource was not found in page cgibin/ssi.cgi. It leads to a reflected XSS because the error message does not escape properly.
CVE-2019-11064 2 Androvideo, Geovision 6 Vd 1, Vd 1 Firmware, Gv-vd8700 and 3 more 2024-11-21 5.0 MEDIUM 9.8 CRITICAL
A vulnerability of remote credential disclosure was discovered in Advan VD-1 firmware versions up to 230. An attacker can export system configuration which is not encrypted to get the administrator’s account and password in plain text via cgibin/ExportSettings.cgi?Export=1 without any authentication.
CVE-2009-5087 1 Geovision 1 Digital Surveillance System 2024-11-21 5.0 MEDIUM N/A
Directory traversal vulnerability in geohttpserver in Geovision Digital Video Surveillance System 8.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET request.
CVE-2009-1092 1 Geovision 1 Liveaudio Activex Control 2024-11-21 9.3 HIGH N/A
Use-after-free vulnerability in the LIVEAUDIO.LiveAudioCtrl.1 ActiveX control in LIVEAU~1.OCX 7.0 for GeoVision DVR systems allows remote attackers to execute arbitrary code by calling the GetAudioPlayingTime method with certain arguments.
CVE-2009-0865 1 Geovision 1 Livex Activex Control 2024-11-21 8.8 HIGH N/A
Directory traversal vulnerability in the SnapShotToFile method in the GeoVision LiveX (aka LiveX_v8200) ActiveX control 8.1.2 and 8.2.0 in LIVEX_~1.OCX allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument, possibly involving the PlayX and SnapShotX methods.
CVE-2005-1553 1 Geovision 1 Digital Surveillance System 2024-11-20 7.5 HIGH N/A
GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0 uses a weak encryption scheme to encrypt passwords, which allows remote attackers to obtain the password via sniffing.
CVE-2005-1552 1 Geovision 1 Digital Surveillance System 2024-11-20 5.0 MEDIUM N/A
GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0, when set to create JPEG images, does not properly protect an image even when a password and username is assigned, which may allow remote attackers to gain sensitive information via a direct request to the image.
CVE-2004-2101 1 Geovision 1 Geohttpserver 2024-11-20 5.0 MEDIUM N/A
The sysinfo script in GeoHttpServer allows remote attackers to cause a denial of service (crash) via a long pwd parameter, possibly triggering a buffer overflow.
CVE-2004-2100 1 Geovision 1 Geohttpserver 2024-11-20 5.0 MEDIUM N/A
GeoHttpServer, when configured to authenticate users, allows remote attackers to bypass authentication and access unauthorized files via a URL that contains %0a%0a (encoded newlines).