Tirath Rai

**Name of the Vulnerable Software and Affected Versions** GeoVision Digital Video Surveillance System versions 6.04, 6.1, 7.0 **Description** The issue allows remote attackers to gain sensitive information via a direct request to an image, even when a password and username are assigned, due to improper protection of the image when the system is set to create JPEG images. **Recommendations** For GeoVision Digital Video Surveillance System versions 6.04, 6.1, 7.0, consider restricting access to the image creation feature until a proper fix is applied. As a temporary workaround, avoid using the JPEG image creation setting to minimize the risk of exploitation. Restrict direct requests to images to prevent unauthorized access.

**Name of the Vulnerable Software and Affected Versions** GeoVision Digital Video Surveillance System versions 6.04 through 7.0 **Description** The issue concerns the use of a weak encryption scheme for password encryption, allowing remote attackers to obtain passwords via sniffing. **Recommendations** For GeoVision Digital Video Surveillance System versions 6.04 through 7.0, consider implementing stronger encryption methods to protect passwords, and restrict access to sensitive areas of the system until a more secure encryption scheme is in place. At the moment, there is no information about a newer version that contains a fix for this vulnerability.