CVE-2026-7161
Insufficient Encryption in GeoVision GV-IP Device Utility
Publication date: 2026-05-04
Last updated on: 2026-05-05
Assigner: 0df08a0e-a200-4957-9bb0-084f562506f9
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| geovision | gv-ip_device_utility | 9.0.5 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-656 | The product uses a protection mechanism whose strength depends heavily on its obscurity, such that knowledge of its algorithms or key data is sufficient to defeat the mechanism. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. When the utility sends privileged commands to devices on the network, it broadcasts the username and password encrypted with a cryptographic protocol derived from Blowfish. However, the symmetric key used for encryption is included in the same packet, making the encryption ineffective.
An attacker on the same local area network (LAN) can listen to these broadcast packets, extract the symmetric key, and decrypt the credentials. This allows the attacker to gain full control over the device configuration.
How can this vulnerability impact me?
An attacker who exploits this vulnerability can obtain the username and password of the device by listening to broadcast messages on the network. With those credentials, the attacker can:
- Gain full control over the device configuration.
- Change the device's IP address.
- Reset the device to factory default settings.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring network traffic for broadcast UDP packets sent by the GeoVision GV-IP Device Utility when interacting with devices. Specifically, you should capture and analyze broadcast packets on the LAN to identify if encrypted credentials are being transmitted along with the symmetric key used for encryption.
Using network packet capture tools such as Wireshark or tcpdump, you can filter for UDP broadcast traffic from the GeoVision utility. For example, a command to capture such traffic might be:
- tcpdump -i <interface> udp and broadcast
After capturing the packets, analyze the payload to check for the presence of encrypted credentials and the symmetric key included in the packet, which indicates the vulnerability.
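The triage step above, as an added example that is not part of the original page or any GeoVision tooling: it reads a classic pcap file (for instance one written by adding `-w capture.pcap` to the tcpdump command) and counts Ethernet-broadcast UDP datagrams per source IP and destination port, showing which hosts on the segment emit such traffic. The sample capture, its addresses and port 9999 are constructed; the page does not state the utility's port or packet layout.

```python
import struct
from collections import Counter

# Classic pcap magic numbers (microsecond and nanosecond variants) -> byte order
MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",
         b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}

def classify(frame):
    """(source IP, UDP dst port) for a broadcast IPv4/UDP frame, else None. No VLAN handling."""
    if len(frame) < 42 or frame[:6] != b"\xff" * 6 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    frag_offset = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
    if frame[14] >> 4 != 4 or ihl < 20 or frame[23] != 17 or frag_offset:
        return None                       # not IPv4, not UDP, or a later fragment
    udp = frame[14 + ihl:14 + ihl + 8]
    if len(udp) < 8:
        return None
    return ".".join(map(str, frame[26:30])), struct.unpack("!H", udp[2:4])[0]

def udp_broadcast_summary(pcap_bytes):
    """Count broadcast UDP datagrams per (source IP, destination port)."""
    order = MAGIC.get(pcap_bytes[:4])
    if order is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(order + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    counts, offset = Counter(), 24
    while offset + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(order + "I", pcap_bytes[offset + 8:offset + 12])[0]
        key = classify(pcap_bytes[offset + 16:offset + 16 + incl_len])
        if key:
            counts[key] += 1
        offset += 16 + incl_len
    return counts

def sample_capture():
    """Constructed two-packet capture; addresses, ports and payloads are made up."""
    def frame(dst_mac, src_ip, dport, payload):
        udp = struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0) + payload
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                         bytes(src_ip), b"\xff\xff\xff\xff")
        return dst_mac + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00" + ip + udp
    frames = [frame(b"\xff" * 6, (192, 0, 2, 10), 9999, b"constructed"),
              frame(b"\x02\x00\x00\x00\x00\x02", (192, 0, 2, 11), 53, b"unicast")]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

On a real capture, call `udp_broadcast_summary(open("capture.pcap", "rb").read())` and compare the reported sources against the workstations where the utility is installed.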
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include limiting the exposure of the GeoVision GV-IP Device Utility on the network by restricting access to trusted users and devices only.
Avoid using the utility on untrusted or public networks where attackers can listen to broadcast traffic.
Monitor network traffic for suspicious broadcast packets and consider segmenting the network to isolate devices running the vulnerable utility.
If possible, update or patch the GeoVision GV-IP Device Utility to a version that addresses this encryption weakness.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability allows an attacker on the same LAN to intercept broadcast packets containing encrypted device credentials. Because the encryption key is included in the packet, the attacker can decrypt the credentials and gain full control over the device configuration.
Such unauthorized access and potential control over device configurations could lead to unauthorized disclosure or alteration of sensitive data, which may violate data protection requirements under standards like GDPR and HIPAA.
Therefore, this vulnerability could negatively impact compliance with these regulations by failing to adequately protect sensitive authentication credentials and device security.