Session cookie predictability in the GeoVision LPC2011/LPC2211 1.10 web interface allows remote attackers to bypass authentication via brute-force enumeration of session tokens. Successful exploitation grants unauthorized access to the camera management interface with the full privileges of valid users. The CVSS 8.6 severity reflects the network-accessible attack vector requiring no authentication or user interaction, though EPSS and exploitation status data are not available. Cisco Talos and GeoVision have documented this vulnerability, classified as CWE-341 (predictable from observable state).
Due to the lack of randomness in assigning Object Identifiers in the SAP NetWeaver AS JAVA IIOP service, an authenticated attacker with low privileges could predict the identifiers by conducting a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable with low attack complexity. No vendor patch is available.
A remote code execution vulnerability (CVSS 5.0) that allows an unauthenticated attacker. Remediation should follow standard vulnerability management procedures.