Mageni Mageni Security LLC

Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

SerVision HVG Default Credentials Vulnerability

Information

Severity

Severity

Critical

Family

Family

Default Accounts

CVSSv2 Base

CVSSv2 Base

10.0

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Solution Type

Solution Type

Vendor Patch

Created

Created

8 years ago

Modified

Modified

5 years ago

Share

Summary

This host is running SerVision HVG and is prone to default Hard-Coded Password security bypass vulnerability.

Insight

Insight

The flaw is due to SerVision HVG contains a hardcoded password that enables a user to log into the web interface with administrative rights.

Affected Software

Affected Software

SerVision HVG400 Video Gateway devices with firmware before 2.2.26a100

Detection Method

Detection Method

Send a crafted request via HTTP POST and check whether it is able to bypass authentication or not.

Solution

Solution

Upgrade to SerVision HVG Video Gateway devices with firmware 2.2.26a100 or later.

Common Vulnerabilities and Exposures (CVE)

References