Critical Vulnerability Found in GeoVision Fingerprint and Card Scanners

✨ Megiddo

The exploitation of the vulnerability allows attackers to intercept network traffic and carry out MitM attacks.

Four vulnerabilities were discovered in the card and fingerprint scanners of the Taiwanese manufacturer of video surveillance systems and IP cameras GeoVision, one of which is critical. Their exploitation allows attackers to intercept network traffic and carry out MitM attacks.

As Acronis specialists told The Hacker News, the problems affect at least 6 device families, with more than 2.5 thousand vulnerable devices found in Brazil, the USA, Germany, Taiwan and Japan.

“Attackers can provide persistence on the network, spy on internal users and steal data without being detected. They can reuse the stolen fingerprint data for authorization in user devices,” the experts explained.

The first problem is related to the superuser password: an attacker can gain remote access to a vulnerable device using the default password (“admin”).

The second vulnerability is the use of built-in, shared cryptographic secret keys for SSH authentication, and the third allows access to system logs on the device without authentication.

The fourth vulnerability, a stack buffer overflow in the firmware, affects GeoVision fingerprint readers and allows unauthorized attackers to run arbitrary code on the devices. The problem received the maximum score of 10 on the CVSS scale.

Experts first notified GeoVision of their findings last August, then twice more in September and December, in addition to contacting the Singapore Cyber Incident Rapid Response Team (SingCERT). Only at the beginning of June this year did GeoVision release patches for three vulnerabilities (CVE-2020-3928, CVE-2020-3929, and CVE-2020-3930), leaving the buffer overflow vulnerability unpatched.
