CVE-2026-42363
GeoVision · GV-IP Device Utility
GeoVision GV-IP Device Utility 9.0.5 uses insufficient encryption for administrative credentials, allowing attackers to intercept and decrypt sensitive data over local broadcast traffic.
Executive summary
An insufficient encryption flaw in the GeoVision GV-IP Device Utility allows local network attackers to intercept and decrypt administrative credentials, potentially leading to full unauthorized device control.
Vulnerability
The utility broadcasts administrative credentials over UDP using a weak, obfuscated cryptographic scheme where the symmetric key is transmitted within the same packet. An attacker on the same local network can capture this traffic and easily derive the credentials to gain unauthorized access to the device.
Business impact
With a CVSS score of 9.3, this vulnerability poses a significant risk to the physical and logical security of the network. An attacker capturing these credentials gains full administrative access to GeoVision devices, enabling them to modify configurations, change network settings, or disable security monitoring, which directly impacts physical site security and system availability.
Remediation
Immediate Action: Update the GV-IP Device Utility to the latest version provided by GeoVision and transition to more secure management protocols if available.
Proactive Monitoring: Monitor local network broadcast traffic for suspicious UDP packets directed toward or originating from management utilities.
Compensating Controls: Implement network segmentation to isolate devices and management workstations, limiting the ability of unauthorized entities to sniff traffic on the same LAN.
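The monitoring control above can be made concrete as a simple broadcast-traffic check. The script below is an added example, not GeoVision code or a record of the real utility's traffic: it reads constructed flow records, treats an assumed inventory of management workstations and an assumed LAN of 192.168.10.0/24 as inputs, and flags UDP datagrams sent to the limited or subnet broadcast address on ports that are not expected broadcast protocols (the port 55555 in the sample is a placeholder, not the utility's actual port).

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample flow records (not captured traffic): "time src dst proto dport bytes".
SAMPLE_FLOWS = """\
2026-01-10T08:00:01 192.168.10.25 192.168.10.255 UDP 55555 1410
2026-01-10T08:00:02 192.168.10.25 192.168.10.1 TCP 443 5200
2026-01-10T08:00:03 192.168.10.40 255.255.255.255 UDP 67 300
2026-01-10T08:00:04 192.168.10.25 255.255.255.255 UDP 55555 1410
2026-01-10T08:00:05 192.168.10.60 192.168.10.255 UDP 137 92
2026-01-10T08:00:06 192.168.10.77 192.168.10.255 UDP 55555 1410
"""

# Assumed inventory: workstations on which the device-management utility runs.
MANAGEMENT_HOSTS = {"192.168.10.25"}
# Broadcast protocols that are normal on a LAN (DHCP, NetBIOS) and are not alerted on.
EXPECTED_BROADCAST_PORTS = {67, 68, 137, 138}


@dataclass
class Alert:
    time: str
    src: str
    dst: str
    dport: int
    size: int
    reason: str


def is_broadcast(dst: str, lan: ipaddress.IPv4Network) -> bool:
    """True for the limited broadcast address or the LAN's directed broadcast."""
    addr = ipaddress.ip_address(dst)
    return addr == ipaddress.ip_address("255.255.255.255") or addr == lan.broadcast_address


def scan_flows(text: str, lan: str = "192.168.10.0/24") -> list[Alert]:
    """Return one Alert per UDP broadcast datagram on a port outside the expected set."""
    net = ipaddress.ip_network(lan)
    alerts = []
    for line in text.splitlines():
        time, src, dst, proto, dport, size = line.split()
        dport, size = int(dport), int(size)
        if proto != "UDP" or not is_broadcast(dst, net) or dport in EXPECTED_BROADCAST_PORTS:
            continue
        # A management workstation broadcasting on an unusual port is the pattern the
        # advisory describes; any other host doing so is still worth a look.
        reason = ("management workstation broadcasting UDP on unexpected port"
                  if src in MANAGEMENT_HOSTS else "unexpected UDP broadcast")
        alerts.append(Alert(time, src, dst, dport, size, reason))
    return alerts


if __name__ == "__main__":
    for alert in scan_flows(SAMPLE_FLOWS):
        print(alert)
```

In production the records would come from a flow exporter or a packet capture on a SPAN port rather than a string, and the expected-port set should be tuned to the protocols actually present on the segment.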
Exploitation status
Public Exploit Available: unknown
Analyst recommendation
The reliance on security through obscurity for credential transmission is a critical design failure. Administrators should immediately restrict access to the broadcast domain where these devices reside and apply the vendor’s security patches as soon as they are made available to protect administrative credentials from interception.