PT-2026-36739 · Geovision · Gv-Ip Device Utility

Kelly Patterson +2 · Published 2026-05-04 · Updated 2026-05-04 · CVE-2026-7161

CVSS v3.1: 9.3 Critical

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

GeoVision GV-IP Device Utility version 9.0.5

Description

Insufficient encryption in the Device Authentication functionality allows for the leak of credentials. When the utility sends privileged commands to devices over UDP, the username and password are encrypted using a symmetric key that is also included within the same packet. An attacker on the same local area network can listen to these broadcast messages and decrypt the credentials, potentially gaining full control over the device configuration to change the IP address or reset the device to factory defaults.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

CVE-2026-7161

Affected Products

Gv-Ip Device Utility