What is the severity of CVE-2019-11064?

CVE-2019-11064 is classified as a critical vulnerability due to the exposure of sensitive credentials.

How do I fix CVE-2019-11064?

To fix CVE-2019-11064, upgrade the Advan VD-1 firmware to a version higher than 230.

What systems are affected by CVE-2019-11064?

CVE-2019-11064 affects Advan VD-1 firmware versions up to and including 230, as well as specific Geovision firmware editions.

What type of attack does CVE-2019-11064 enable?

CVE-2019-11064 allows an attacker to export unencrypted system settings, potentially disclosing administrator credentials.

Is CVE-2019-11064 still a threat if I'm using the latest firmware?

If you are using a firmware version higher than 230 for Advan VD-1, CVE-2019-11064 is not a threat.

Vulnerability/
CVE-2019-11064

critical

9.8

CWE

287 200

29/8/2019

17/9/2024

CVE-2019-11064: A vulnerability of remote credential disclosure was discovered in Advan VD-1

First published: Thu Aug 29 2019(Updated: )

A vulnerability of remote credential disclosure was discovered in Advan VD-1 firmware versions up to 230. An attacker can export system configuration which is not encrypted to get the administrator’s account and password in plain text via cgibin/ExportSettings.cgi?Export=1 without any authentication.

Credit: twcert@cert.org.tw

Affected Software	Affected Version	How to fix
Androvideo Vd 1	<=230
Androvideo Vd 1 Firmware
Geovision Gv-vr360	<=1.10
GeoVision
Geovision Gv-vd8700	<=1.01
GeoVision

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-11064?
CVE-2019-11064 is classified as a critical vulnerability due to the exposure of sensitive credentials.
How do I fix CVE-2019-11064?
To fix CVE-2019-11064, upgrade the Advan VD-1 firmware to a version higher than 230.
What systems are affected by CVE-2019-11064?
CVE-2019-11064 affects Advan VD-1 firmware versions up to and including 230, as well as specific Geovision firmware editions.
What type of attack does CVE-2019-11064 enable?
CVE-2019-11064 allows an attacker to export unencrypted system settings, potentially disclosing administrator credentials.
Is CVE-2019-11064 still a threat if I'm using the latest firmware?
If you are using a firmware version higher than 230 for Advan VD-1, CVE-2019-11064 is not a threat.

agent/type
agent/title
agent/weakness
agent/severity
agent/author
agent/references
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/androvideo
canonical/androvideo vd 1
version/androvideo vd 1/230
canonical/androvideo vd 1 firmware
vendor/geovision
canonical/geovision gv-vr360
version/geovision gv-vr360/1.10
canonical/geovision
canonical/geovision gv-vd8700
version/geovision gv-vd8700/1.01

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.