OTPulse
FeedAboutContact

GeoVision GV-ADR2701

Act Now9.8ICS-CERT ICSA-23-199-05Jul 18, 2023
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

GeoVision GV-ADR2701 cameras (firmware V1.00_2017_12_15) contain an authentication bypass vulnerability that allows unauthenticated remote login to the camera's web application. The vulnerability affects older models and no firmware patch is available from the vendor.

What this means
What could happen
An attacker could gain unauthorized access to the GV-ADR2701 camera's web interface from the network without valid credentials, potentially allowing them to view live video feeds, modify camera settings, or pivot to other systems on the network.
Who's at risk
Water authorities, electric utilities, and other municipal operators using GeoVision GV-ADR2701 surveillance cameras in networked monitoring systems should be concerned. This affects any organization relying on these cameras for facility security or process monitoring, especially if cameras are connected to corporate networks or accessible remotely.
How it could be exploited
An attacker on the network (or the internet if the camera is exposed) sends a login request to the camera's web application. Due to weak or missing authentication validation, the request succeeds without valid credentials, granting access to the camera's admin interface.
Prerequisites
  • Network access to the camera's web interface (TCP port 80 or 443, or whatever port the device uses)
  • Camera must be reachable from the attacker's location
  • No valid credentials required
remotely exploitableno authentication requiredlow complexityno patch available
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
ProductAffected VersionsFix Status
GV-ADR2701: V1.00_2017_12_15V1.00 2017 12 15No fix (EOL)
Remediation & Mitigation
0/4
Do now
0/2
WORKAROUNDRestrict GV-ADR2701 cameras to closed local area networks with no internet connectivity
HARDENINGPlace cameras behind firewalls and isolate the camera network from business networks and the internet
Schedule — requires maintenance window
0/2

Patching may require device reboot — plan for process interruption

HOTFIXReplace GV-ADR2701 devices with newer non-vulnerable models such as TDR2704, TDR2702, or TDR2700
HARDENINGIf remote access to cameras is required, use a VPN to secure connections
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/424677cb-425d-40e7-a68f-37d4a7470fed