Video Gateway Allows Access

Wednesday, February 4, 2015 @ 12:02 PM gHale

There are vulnerabilities in SerVision’s HVG video gateway product series that grant access to the web interface without authentication.

The severity rating for the two vulnerabilities comes in at the highest possible rating, 10.


The level of skill required to take advantage of the remotely exploitable vulnerabilities is not very high, and the impact can lead to loss of control of the device.

HVG from SerVision is a video recording unit designed for small businesses and residential sites. The footage it captures can be viewed from dedicated client applications or on a closed-circuit monitor connected to the unit. The products also include support for remote centralized monitoring of an area.

One of the vulnerabilities, CVE-2015-0929, has a double security impact as leveraging it allows an unauthenticated user to bypass the log-in process and take control of the unit, while an authenticated user can elevate privileges.

This could occur with the attacker gaining access to the “time.htm” resource, which grants the bad guy administrative rights in the web console of the device.

According to Carnegie Mellon University CERT (Computer Emergency Response Team) division, CVE-2015-0929 received a fix for the authentication bypass risk in build 2.2.26a78 and later of the firmware. However, officials are still working on the privilege elevation issue as the current firmware release, 2.2.26a100, does not address it.

A second vulnerability, CVE-2015-0930, refers to a password that is hard-coded in the device, which enables any user to log into the web interface with administrative rights.

The advisory from CERT said workers resolved the issue in the latest revision of the firmware.

Updating the product is the general recommendation, but if the user cannot complete the procedure, then they should restrict connections to the unit to trusted networks and hosts.
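For operators deciding which units to update first, the build thresholds above can be turned into a small inventory check. This is an added example, not code from SerVision or CERT. It assumes build strings always follow the `2.2.26a78` pattern and that the "latest revision" fixing CVE-2015-0930 is the 2.2.26a100 release; the unit names and the a60 build are constructed.

```python
import re

# Build numbers quoted in the article's summary of the CERT advisory.
AUTH_BYPASS_FIXED = "2.2.26a78"   # CVE-2015-0929 login bypass fixed in this build and later
CURRENT_RELEASE = "2.2.26a100"    # assumed to be the "latest revision" that fixes CVE-2015-0930

# Assumed format: major.minor.patch, the letter "a", then a build counter.
_BUILD_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)a(\d+)$")


def parse_build(build):
    """Turn '2.2.26a78' into (2, 2, 26, 78) so builds compare numerically."""
    match = _BUILD_RE.match(build.strip())
    if match is None:
        raise ValueError("unrecognised firmware build string: %r" % build)
    return tuple(int(part) for part in match.groups())


def open_issues(build):
    """List the issues from the article that a given build still carries."""
    version = parse_build(build)
    issues = []
    if version < parse_build(AUTH_BYPASS_FIXED):
        issues.append("CVE-2015-0929 authentication bypass")
    if version <= parse_build(CURRENT_RELEASE):
        # Not addressed in 2.2.26a100, per the article.
        issues.append("CVE-2015-0929 privilege elevation")
    else:
        # The article names no fixed build, so later builds are not cleared.
        issues.append("CVE-2015-0929 privilege elevation (fix not confirmed)")
    if version < parse_build(CURRENT_RELEASE):
        issues.append("CVE-2015-0930 hard-coded password")
    return issues


def triage(inventory):
    """Map each unit to its open issues, worst-exposed units first."""
    report = {name: open_issues(build) for name, build in inventory.items()}
    return dict(sorted(report.items(), key=lambda item: -len(item[1])))


if __name__ == "__main__":
    # Constructed inventory; unit names and the a60 build are made up.
    sample = {"lobby-hvg": "2.2.26a100", "dock-hvg": "2.2.26a60",
              "garage-hvg": "2.2.26a78"}
    for unit, issues in triage(sample).items():
        print(unit, "->", "; ".join(issues))
```

Comparing the raw strings would rank 2.2.26a100 below 2.2.26a78, which is why the build counter is parsed as an integer before any comparison.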
