CVE-2026-7161

LG · GV-IP Device Utility

An insufficient encryption vulnerability in the GeoVision GV-IP Device Utility allows attackers on the same LAN to decrypt administrative credentials from broadcast traffic.

Executive summary

A critical vulnerability in the GeoVision GV-IP Device Utility allows local attackers to intercept and decrypt administrative credentials, leading to full control over network-connected devices.

Vulnerability

The utility uses a flawed cryptographic implementation where the symmetric key is included in the broadcast packet. An attacker on the same LAN can sniff this traffic and easily decrypt the administrative credentials.

Business impact

With a CVSS score of 9.3, this flaw enables an attacker to gain full control over GeoVision devices on the network. This can lead to the modification of IP addresses, factory resets, and unauthorized access to security camera feeds, severely impacting organizational security.

Remediation

Immediate Action: Update to the latest version of the GV-IP Device Utility and, where possible, transition to more secure, authenticated management protocols.

Proactive Monitoring: Monitor network traffic for suspicious broadcast activity and implement network segmentation to isolate device management traffic from general user traffic.

Compensating Controls: Ensure that management interfaces are restricted to dedicated VLANs and monitor for any unauthorized device configuration changes.
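
The monitoring and VLAN restriction described above can be checked against flow records. The following is an added example, not part of the advisory or of any GeoVision code: it flags UDP broadcasts sent from outside a management VLAN or from a host that is not an approved management workstation. The subnets, the approved sender, the record format and port 40000 are constructed assumptions; the advisory does not state which port the utility uses.

```python
import csv
import io
import ipaddress

# Constructed site layout (assumptions, not taken from the advisory).
MGMT_VLAN = ipaddress.ip_network("10.20.0.0/24")
KNOWN_SUBNETS = [MGMT_VLAN, ipaddress.ip_network("10.30.0.0/24")]
AUTHORIZED_SENDERS = {ipaddress.ip_address("10.20.0.10")}
IGNORED_UDP_PORTS = {67, 68, 137, 138}  # DHCP and NetBIOS broadcasts

# Constructed flow records: time,src,dst,proto,dport (40000 is a placeholder port).
SAMPLE_FLOWS = """\
09:00:01,10.20.0.10,255.255.255.255,udp,40000
09:00:04,10.30.0.57,10.30.0.255,udp,40000
09:00:09,10.30.0.12,255.255.255.255,udp,67
09:01:30,10.20.0.44,10.20.0.255,udp,40000
09:02:00,10.30.0.57,10.30.0.8,tcp,443
"""

def is_broadcast(dst):
    """True for the limited broadcast address or a known subnet's broadcast."""
    return dst == ipaddress.ip_address("255.255.255.255") or any(
        dst == net.broadcast_address for net in KNOWN_SUBNETS)

def find_suspicious_broadcasts(flow_csv):
    """Return (time, src, reason) for UDP broadcasts that break the policy."""
    alerts = []
    for ts, src, dst, proto, dport in csv.reader(io.StringIO(flow_csv)):
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if proto != "udp" or int(dport) in IGNORED_UDP_PORTS:
            continue  # not a broadcast protocol of interest
        if not is_broadcast(dst):
            continue
        if src not in MGMT_VLAN:
            alerts.append((ts, str(src), "broadcast outside management VLAN"))
        elif src not in AUTHORIZED_SENDERS:
            alerts.append((ts, str(src), "unauthorized sender in management VLAN"))
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious_broadcasts(SAMPLE_FLOWS):
        print(*alert)
```

A broadcast seen outside the management VLAN also indicates that segmentation is not containing device management traffic.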

Exploitation status

Public Exploit Available: false

Analyst recommendation

The reliance on insecure encryption for credential management represents a significant security failure. Organizations must update the utility and restrict network access to broadcast traffic to mitigate the risk of credential theft.