What is the vulnerability ID of this vulnerability?

The vulnerability ID is CVE-2020-3929.

What is the severity of CVE-2020-3929?

The severity of CVE-2020-3929 is medium with a CVSS score of 5.9.

Is there a fix for this vulnerability?

There is no fix available for this vulnerability at the moment.

Vulnerability/
CVE-2020-3929

medium

5.9

CWE

326

12/6/2020

17/9/2024

CVE-2020-3929: GeoVision Door Access Control Device - Shared cryptographic keys

Q: How does the GeoVision Door Access Control device family employ shared cryptographic private keys?

The GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS.

Q: What is the risk associated with CVE-2020-3929?

The risk associated with CVE-2020-3929 is that attackers may conduct MITM attack with the derived keys and plaintext recover of encrypted messages.

First published: Fri Jun 12 2020(Updated: )

GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct MITM attack with the derived keys and plaintext recover of encrypted messages.

Credit: twcert@cert.org.tw

Affected Software	Affected Version	How to fix
Geovision GV-AS210 Firmware	<2.21
Geovision Gv-as210
Geovision GV-AS410 Firmware	<2.21
Geovision GV-AS410
Geovision GV-AS810 Firmware	<2.21
Usavisionsys Geovision Gv-as810 Firmware
Geovision GV-AS1010	<1.32
Geovision GV-AS1010
Geovision GV-GF192X Firmware	<1.10
Usavisionsys Geovision Gv-gf192x Firmware

Remedy

Update to version 2.22 in GV-AS210 Update to version 2.22 in GV-AS410 Update to version 2.22 in GV-AS810 Update to version 1.22 in GV-GF192x Update to version 1.33 in GV-AS1010

Never miss a vulnerability like this again

Reference Links

https://www.twcert.org.tw/tw/cp-132-3696-6601c-1.html

Frequently Asked Questions

What is the vulnerability ID of this vulnerability?
The vulnerability ID is CVE-2020-3929.
What is the severity of CVE-2020-3929?
The severity of CVE-2020-3929 is medium with a CVSS score of 5.9.
How does the GeoVision Door Access Control device family employ shared cryptographic private keys?
The GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS.
What is the risk associated with CVE-2020-3929?
The risk associated with CVE-2020-3929 is that attackers may conduct MITM attack with the derived keys and plaintext recover of encrypted messages.
Is there a fix for this vulnerability?
There is no fix available for this vulnerability at the moment.

agent/type
agent/severity
agent/author
agent/remedy
agent/references
agent/title
agent/weakness
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/usavisionsys
canonical/geovision gv-as210 firmware
canonical/geovision gv-as210
canonical/geovision gv-as410 firmware
canonical/geovision gv-as410
canonical/geovision gv-as810 firmware
canonical/usavisionsys geovision gv-as810 firmware
canonical/geovision gv-as1010
canonical/geovision gv-gf192x firmware
canonical/usavisionsys geovision gv-gf192x firmware

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.