Richard Tafoya

**Name of the Vulnerable Software and Affected Versions** SerVision HVG Video Gateway devices versions prior to 2.2.26a78 **Description** The issue allows remote attackers to bypass authentication and obtain administrative access by leveraging a cookie received in an HTTP response. This is related to the time.htm file in the web interface. **Recommendations** For versions prior to 2.2.26a78, update the firmware to version 2.2.26a78 or later to resolve the issue. As a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SerVision HVG Video Gateway versions prior to 2.2.26a100 **Description** The issue concerns a hardcoded administrative password in the web interface, making it easier for remote attackers to gain access via an HTTP session. **Recommendations** For versions prior to 2.2.26a100, update the firmware to version 2.2.26a100 or later to resolve the issue. As a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation.

time.htm in the web interface on SerVision HVG Video Gateway devices with firmware through 2.2.26a100 allows remote authenticated users to gain privileges by leveraging a cookie received in an HTTP response, a different vulnerability than CVE-2015-0929 and CVE-2015-0930.