CVE-2020-3931 – GeoVision Door Access Control Device - Buffer overflow vulnerability
https://notcve.org/view.php?id=CVE-2020-3931
A buffer overflow exists in the GeoVision Door Access Control device family; an unauthenticated remote attacker can execute arbitrary commands. • https://www.acronis.com/en-us/blog/posts/backdoor-wide-open-critical-vulnerabilities-uncovered-geovision https://www.twcert.org.tw/tw/cp-132-3754-b77d0-1.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-3930 – GeoVision Door Access Control Device - Information disclosure vulnerability
https://notcve.org/view.php?id=CVE-2020-3930
The GeoVision Door Access Control device family improperly stores and controls access to system logs; any user can read these logs. • https://www.twcert.org.tw/tw/cp-132-3697-780d0-1.html • CWE-532: Insertion of Sensitive Information into Log File
CVE-2019-13407 – Advan VD-1 has a reflected XSS vulnerability in page cgibin/ssi.cgi
https://notcve.org/view.php?id=CVE-2019-13407
An XSS vulnerability was found in Advan VD-1 firmware versions up to 230. VD-1 responds with a path error message when a requested resource is not found in page cgibin/ssi.cgi. This leads to a reflected XSS because the error message is not properly escaped. • http://surl.twcert.org.tw/SpTwh https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md https://tvn.twcert.org.tw/taiwanvn/TVN-201906008 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-11064 – A vulnerability of remote credential disclosure was discovered in Advan VD-1
https://notcve.org/view.php?id=CVE-2019-11064
A remote credential disclosure vulnerability was discovered in Advan VD-1 firmware versions up to 230. An attacker can export the system configuration, which is not encrypted, to get the administrator’s account and password in plain text via cgibin/ExportSettings.cgi?Export=1 without any authentication. • http://surl.twcert.org.tw/gCDQN https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md https://tvn.twcert.org.tw/taiwanvn/TVN-201906005 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-287: Improper Authentication
CVE-2019-13408 – Advan VD-1 allows users to download arbitrary files
https://notcve.org/view.php?id=CVE-2019-13408
A relative path traversal vulnerability was found in Advan VD-1 firmware versions up to 230. It allows attackers to download arbitrary files via the URL cgibin/ExportSettings.cgi?Download=filepath, without any authentication. • http://surl.twcert.org.tw/2bvXq https://gist.github.com/keniver/f5155b42eb278ec0273b83565b64235b#file-androvideo-advan-vd-1-multiple-vulnerabilities-md https://tvn.twcert.org.tw/taiwanvn/TVN-201906009 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal CWE-862: Missing Authorization