Details of VAR-201502-0477

ID

VAR-201502-0477

CVE

CVE-2015-0929

TITLE

SerVision HVG Video Gateway web interface contains multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#522460

DESCRIPTION

time.htm in the web interface on SerVision HVG Video Gateway devices with firmware before 2.2.26a78 allows remote attackers to bypass authentication and obtain administrative access by leveraging a cookie received in an HTTP response. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. SerVision HVG Video Gateway is an intelligent video gateway product from SerVision, Israel. This may aid in further attacks

Trust: 3.24

sources: NVD: CVE-2015-0929 // CERT/CC: VU#522460 // JVNDB: JVNDB-2015-001447 // CNVD: CNVD-2015-00902 // BID: 72434 // VULHUB: VHN-78875

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-00902

AFFECTED PRODUCTS

vendor:	servision	model:	hvg video gateway	scope:	lte	version:	2.2.26a77	Trust: 1.0
vendor:	servision	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	servision	model:	hvg 400	scope:	-	version:	-	Trust: 0.8
vendor:	servision	model:	hvg video gateway	scope:	lt	version:	2.2.26a78	Trust: 0.8
vendor:	servision	model:	hvg video gateway <2.2.26a100	scope:	-	version:	-	Trust: 0.6
vendor:	servision	model:	hvg video gateway	scope:	eq	version:	2.2.26a77	Trust: 0.6

sources: CERT/CC: VU#522460 // CNVD: CNVD-2015-00902 // JVNDB: JVNDB-2015-001447 // CNNVD: CNNVD-201502-048 // NVD: CVE-2015-0929

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0929
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-0929
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2015-00902
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201502-048
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-78875
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-0929
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-00902
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-78875
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-00902 // VULHUB: VHN-78875 // JVNDB: JVNDB-2015-001447 // CNNVD: CNNVD-201502-048 // NVD: CVE-2015-0929

PROBLEMTYPE DATA

problemtype:	CWE-284	Trust: 1.1
problemtype:	CWE-Other	Trust: 0.8

sources: VULHUB: VHN-78875 // JVNDB: JVNDB-2015-001447 // NVD: CVE-2015-0929

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201502-048

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201502-048

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-001447

PATCH

title:	Downloads - Get the latest software from SerVision	url:	http://www.servision.net/downloads/	Trust: 0.8
title:	SerVision HVG Video Gateway Privilege Escalation Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/55047	Trust: 0.6

sources: CNVD: CNVD-2015-00902 // JVNDB: JVNDB-2015-001447

EXTERNAL IDS

db:	CERT/CC	id:	VU#522460	Trust: 3.6
db:	NVD	id:	CVE-2015-0929	Trust: 3.4
db:	BID	id:	72434	Trust: 1.6
db:	JVN	id:	JVNVU93153088	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-001447	Trust: 0.8
db:	CNNVD	id:	CNNVD-201502-048	Trust: 0.7
db:	CNVD	id:	CNVD-2015-00902	Trust: 0.6
db:	VULHUB	id:	VHN-78875	Trust: 0.1

sources: CERT/CC: VU#522460 // CNVD: CNVD-2015-00902 // VULHUB: VHN-78875 // BID: 72434 // JVNDB: JVNDB-2015-001447 // CNNVD: CNNVD-201502-048 // NVD: CVE-2015-0929

REFERENCES

url:	http://www.kb.cert.org/vuls/id/522460	Trust: 2.8
url:	http://www.securityfocus.com/bid/72434	Trust: 1.2
url:	http://cwe.mitre.org/data/definitions/288.html	Trust: 0.8
url:	http://cwe.mitre.org/data/definitions/284.html	Trust: 0.8
url:	http://cwe.mitre.org/data/definitions/259.html	Trust: 0.8
url:	http://www.servision.net/downloads/	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0929	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu93153088/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0929	Trust: 0.8
url:	http://www.servision.net/	Trust: 0.3

sources: CERT/CC: VU#522460 // CNVD: CNVD-2015-00902 // VULHUB: VHN-78875 // BID: 72434 // JVNDB: JVNDB-2015-001447 // CNNVD: CNNVD-201502-048 // NVD: CVE-2015-0929

CREDITS

Richard Tafoya

Trust: 0.9

sources: BID: 72434 // CNNVD: CNNVD-201502-048

SOURCES

db:	CERT/CC	id:	VU#522460
db:	CNVD	id:	CNVD-2015-00902
db:	VULHUB	id:	VHN-78875
db:	BID	id:	72434
db:	JVNDB	id:	JVNDB-2015-001447
db:	CNNVD	id:	CNNVD-201502-048
db:	NVD	id:	CVE-2015-0929

LAST UPDATE DATE

2025-04-12T23:04:51.625000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#522460	date:	2015-02-02T00:00:00
db:	CNVD	id:	CNVD-2015-00902	date:	2015-02-05T00:00:00
db:	VULHUB	id:	VHN-78875	date:	2015-02-04T00:00:00
db:	BID	id:	72434	date:	2015-02-02T00:00:00
db:	JVNDB	id:	JVNDB-2015-001447	date:	2015-02-13T00:00:00
db:	CNNVD	id:	CNNVD-201502-048	date:	2015-02-09T00:00:00
db:	NVD	id:	CVE-2015-0929	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#522460	date:	2015-02-02T00:00:00
db:	CNVD	id:	CNVD-2015-00902	date:	2015-02-05T00:00:00
db:	VULHUB	id:	VHN-78875	date:	2015-02-03T00:00:00
db:	BID	id:	72434	date:	2015-02-02T00:00:00
db:	JVNDB	id:	JVNDB-2015-001447	date:	2015-02-13T00:00:00
db:	CNNVD	id:	CNNVD-201502-048	date:	2015-02-03T00:00:00
db:	NVD	id:	CVE-2015-0929	date:	2015-02-03T22:59:03.173