CVE-2026-42363
Received - Intake
Insufficient Encryption in GeoVision Utility Leads to Credential Leak

Publication date: 2026-04-27

Last updated on: 2026-04-27

Assigner: 0df08a0e-a200-4957-9bb0-084f562506f9

Description
An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to a credential leak. An attacker can listen to broadcast messages to trigger this vulnerability. When interacting with various GeoVision devices on the network, the utility may send privileged commands; in order to do so, the username and password of the device need to be provided. In some instances the command is broadcast over UDP and the username/password are encrypted using a cryptographic protocol that appears to be derived from Blowfish. However, the symmetric key used for the encryption is also included in the packet, so the security of the username/password relies only on the "obscurity" of the encryption scheme. An attacker on the same LAN can listen to the broadcast traffic once an admin user interacts with the device, and decrypt the credentials using their own implementation of the algorithm. With this password the attacker would have full control over the device configuration, allowing them to change its IP address or even reset it to factory default.
Meta Information
Published: 2026-04-27
Last Modified: 2026-04-27
Generated: 2026-05-07
AI Q&A: 2026-04-27
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
1 associated CPE:
Vendor      Product                Version / Range
geovision   gv-ip_device_utility   9.0.5
CWE
CWE ID    Description
CWE-656   The product uses a protection mechanism whose strength depends heavily on its obscurity, such that knowledge of its algorithms or key data is sufficient to defeat the mechanism.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. When the utility interacts with devices on the network, it sends privileged commands that require the device's username and password. In some cases these commands are broadcast over UDP with the credentials encrypted using a cryptographic protocol that appears to be derived from Blowfish.

However, the symmetric key used for encryption is included in the same packet, meaning the encryption only provides obscurity rather than true security. An attacker on the same local network can listen to these broadcast packets, extract the key, and decrypt the username and password.

With the decrypted credentials, the attacker can gain full control over the device configuration, including changing its IP address or resetting it to factory defaults.
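The following Python script is an added example illustrating the design flaw described in the Description above and in this answer; it is not GeoVision's code and does not reproduce the utility's real packet format or its Blowfish-derived cipher. The header marker, the 16-byte key field, the length field and the HMAC-SHA256 keystream used in place of the cipher are all assumptions made for the example. It shows a passive listener recovering the credentials from the captured packet alone (a fresh random key per packet does not help, because the key is in the packet), and, for contrast, a challenge-response exchange in which the password is never transmitted.

```python
"""Added illustration for CVE-2026-42363 (not GeoVision code).

Models the flaw described in the advisory: a broadcast UDP packet carries the
admin credentials encrypted under a symmetric key that travels in the same
packet.  The packet layout (MAGIC, 16-byte key, 2-byte length, ciphertext,
command) and the cipher are assumptions made for this example; the real
utility's format is not known here and its cipher is a Blowfish derivative.
"""
import hashlib
import hmac
import os
import struct
from typing import Tuple

MAGIC = b"GVEX"   # hypothetical header marker, not the real one


def _keystream(key: bytes, length: int) -> bytes:
    """Stand-in keystream (HMAC-SHA256 in counter mode) for the Blowfish-derived
    cipher.  The algorithm is irrelevant to the bug: the key is public anyway."""
    out = b""
    ctr = 0
    while len(out) < length:
        out += hmac.new(key, struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:length]


def _xor(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))


def build_vulnerable_packet(username: str, password: str, command: bytes) -> bytes:
    """The flawed design: a fresh random key per packet, shipped in the packet."""
    key = os.urandom(16)
    creds = username.encode() + b"\x00" + password.encode()   # NUL-separated
    ct = _xor(creds, _keystream(key, len(creds)))
    return MAGIC + key + struct.pack(">H", len(ct)) + ct + command


def eavesdrop(packet: bytes) -> Tuple[str, str]:
    """A passive listener on the LAN needs nothing but the packet itself."""
    if not packet.startswith(MAGIC):
        raise ValueError("not a credential packet")
    key = packet[4:20]                       # the "secret" key, read off the wire
    (n,) = struct.unpack(">H", packet[20:22])
    ct = packet[22:22 + n]
    user, _, pw = _xor(ct, _keystream(key, n)).partition(b"\x00")
    return user.decode(), pw.decode()


# --- Contrast: proof of possession instead of transporting the password ------

def device_issue_nonce() -> bytes:
    """Device-chosen challenge; a new one per command request."""
    return os.urandom(16)


def client_authenticate(password: str, nonce: bytes, command: bytes) -> bytes:
    """Bind the command to the device's nonce with an HMAC; the password
    itself never leaves the utility."""
    tag = hmac.new(password.encode(), nonce + command, hashlib.sha256).digest()
    return nonce + tag + command


def device_verify(password: str, expected_nonce: bytes, packet: bytes) -> bool:
    """Device side: recompute the tag; a replayed old exchange fails on the nonce."""
    nonce, tag, command = packet[:16], packet[16:48], packet[48:]
    if nonce != expected_nonce:
        return False
    good = hmac.new(password.encode(), nonce + command, hashlib.sha256).digest()
    return hmac.compare_digest(tag, good)


if __name__ == "__main__":
    cmd = b"SET_IP 192.0.2.9"                      # constructed sample command
    pkt = build_vulnerable_packet("admin", "S3cret!", cmd)
    print("attacker recovered:", eavesdrop(pkt))   # ('admin', 'S3cret!')
    nonce = device_issue_nonce()
    auth = client_authenticate("S3cret!", nonce, cmd)
    print("device accepts:", device_verify("S3cret!", nonce, auth))   # True
    print("password on the wire:", b"S3cret!" in auth)                # False
```

The contrast half only shows that a listener can no longer read the secret off the wire; a captured nonce/tag pair still allows offline guessing of a weak password, so in practice the remedy is a vendor fix that moves device management onto an authenticated, encrypted unicast channel rather than a broadcast.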


How can this vulnerability impact me?

An attacker on the same local network can intercept broadcast packets containing encrypted credentials and decrypt them due to the weak encryption scheme.

This allows the attacker to obtain administrative credentials and gain full control over the affected GeoVision devices.

  • Change device IP address
  • Reset the device to factory default

Such control can lead to disruption of device operation, unauthorized access, and potential network security breaches.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring traffic on the local area network (LAN) for the broadcast UDP packets the GeoVision GV-IP Device Utility sends when an admin user interacts with a device.

Capturing and analyzing those broadcast UDP packets may reveal the encrypted username and password together with the symmetric key used to encrypt them, which is the condition that makes the scheme vulnerable. Note that such a capture then contains the administrator credentials in recoverable form and must itself be handled as sensitive data.

Commands to detect this could include using packet capture tools such as tcpdump or Wireshark to filter for UDP broadcast traffic on the network.

  • tcpdump -i <interface> udp and broadcast
  • wireshark filter: udp.dstport == <port> and eth.dst == ff:ff:ff:ff:ff:ff

Note that the exact UDP port used by the GeoVision utility is not specified in the provided information, so identifying the relevant port may require additional investigation.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include limiting the use of the GeoVision GV-IP Device Utility on untrusted or public networks to prevent attackers from listening to broadcast packets.

Restrict network access to the devices and utility to trusted LAN segments only, and consider using network segmentation or VLANs to isolate sensitive devices.

Avoid interacting with the device using the utility over insecure or shared networks where broadcast traffic can be captured.

Monitor network traffic for suspicious broadcast packets and unauthorized access attempts.

Since the vulnerability arises from insufficient encryption and key exposure in the protocol itself, none of the above removes it; applying the vendor's patch or update for this issue is recommended as soon as one is available.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

This vulnerability involves insufficient encryption of credentials in the Device Authentication functionality, leading to potential credential leakage. Such leakage can result in unauthorized access to device configurations.

Unauthorized access to devices that may process or store personal or sensitive data could lead to violations of data protection regulations such as GDPR or HIPAA, which require adequate protection of sensitive information and access controls.

Therefore, this vulnerability could negatively impact compliance with these standards by exposing sensitive authentication credentials and potentially allowing unauthorized control over devices handling protected data.

