CVE-2020-3928 : Security Advisory and Response
Learn about CVE-2020-3928 involving a hardcoded root password in GeoVision Door Access Control devices. Find out the impact, affected systems, and mitigation steps.
GeoVision Door Access Control Device - Hardcoded privileged password
Understanding CVE-2020-3928
This CVE involves a hardcoded root password in GeoVision Door Access Control devices, leading to a security vulnerability.
What is CVE-2020-3928?
The GeoVision Door Access Control device family has a hardcoded root password, making all devices vulnerable due to the use of an identical password.
The Impact of CVE-2020-3928
The CVSS score for this vulnerability is 6.2, with a medium severity level. The confidentiality impact is high, and the attack complexity is low.
Technical Details of CVE-2020-3928
This section provides detailed technical information about the vulnerability.
Vulnerability Description
The vulnerability lies in the hardcoded root password in GeoVision Door Access Control devices, allowing unauthorized access to the system.
Affected Systems and Versions
- Door Access Control Device versions affected include:
- GV-AS210 (<= 2.21)
- GV-AS410 (<= 2.21)
- GV-AS810 (<= 2.21)
- GV-GF192x (<= 1.10)
- GV-AS1010 (<= 1.32)
Exploitation Mechanism
The vulnerability can be exploited locally, with no privileges required, impacting confidentiality but not availability or integrity.
Mitigation and Prevention
Protect your systems from this vulnerability by following these steps:
Immediate Steps to Take
- Update to version 2.22 in GV-AS210
- Update to version 2.22 in GV-AS410
- Update to version 2.22 in GV-AS810
- Update to version 1.22 in GV-GF192x
- Update to version 1.33 in GV-AS1010
Long-Term Security Practices
- Implement unique and strong passwords for all devices
- Regularly monitor and update access control systems
Patching and Updates
Ensure timely installation of security patches and updates to prevent exploitation of known vulnerabilities.