Details of VAR-201502-0478

ID

VAR-201502-0478

CVE

CVE-2015-0930

TITLE

SerVision HVG Video Gateway web interface contains multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#522460

DESCRIPTION

The web interface on SerVision HVG Video Gateway devices with firmware before 2.2.26a100 has a hardcoded administrative password, which makes it easier for remote attackers to obtain access via an HTTP session. SerVision HVG Video Gateway is an intelligent video gateway product from SerVision, Israel. SerVision HVG is prone to a security-bypass vulnerability

Trust: 3.24

sources: NVD: CVE-2015-0930 // CERT/CC: VU#522460 // JVNDB: JVNDB-2015-001446 // CNVD: CNVD-2015-00903 // BID: 72433 // VULHUB: VHN-78876

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-00903

AFFECTED PRODUCTS

vendor:	servision	model:	hvg video gateway	scope:	lte	version:	2.2.26a100	Trust: 1.0
vendor:	servision	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	servision	model:	hvg 400	scope:	-	version:	-	Trust: 0.8
vendor:	servision	model:	hvg video gateway	scope:	lt	version:	2.2.26a100	Trust: 0.8
vendor:	servision	model:	hvg video gateway <2.2.26a100	scope:	-	version:	-	Trust: 0.6
vendor:	servision	model:	hvg video gateway	scope:	eq	version:	2.2.26a100	Trust: 0.6

sources: CERT/CC: VU#522460 // CNVD: CNVD-2015-00903 // JVNDB: JVNDB-2015-001446 // CNNVD: CNNVD-201502-047 // NVD: CVE-2015-0930

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0930
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-0930
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2015-00903
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201502-047
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-78876
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-0930
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-00903
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-78876
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-00903 // VULHUB: VHN-78876 // JVNDB: JVNDB-2015-001446 // CNNVD: CNNVD-201502-047 // NVD: CVE-2015-0930

PROBLEMTYPE DATA

problemtype:

CWE-255

Trust: 1.9

sources: VULHUB: VHN-78876 // JVNDB: JVNDB-2015-001446 // NVD: CVE-2015-0930

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201502-047

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201502-047

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-001446

PATCH

title:	Downloads - Get the latest software from SerVision	url:	http://www.servision.net/downloads/	Trust: 0.8
title:	SerVision HVG Security Bypass Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/55045	Trust: 0.6
title:	tvg_ti_HM4_2_2_26A100.tvx	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=53625	Trust: 0.6

sources: CNVD: CNVD-2015-00903 // JVNDB: JVNDB-2015-001446 // CNNVD: CNNVD-201502-047

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0930	Trust: 3.4
db:	CERT/CC	id:	VU#522460	Trust: 3.3
db:	BID	id:	72433	Trust: 1.6
db:	JVN	id:	JVNVU93153088	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-001446	Trust: 0.8
db:	CNNVD	id:	CNNVD-201502-047	Trust: 0.7
db:	CNVD	id:	CNVD-2015-00903	Trust: 0.6
db:	VULHUB	id:	VHN-78876	Trust: 0.1

sources: CERT/CC: VU#522460 // CNVD: CNVD-2015-00903 // VULHUB: VHN-78876 // BID: 72433 // JVNDB: JVNDB-2015-001446 // CNNVD: CNNVD-201502-047 // NVD: CVE-2015-0930

REFERENCES

url:	http://www.kb.cert.org/vuls/id/522460	Trust: 2.5
url:	http://www.securityfocus.com/bid/72433	Trust: 1.2
url:	http://cwe.mitre.org/data/definitions/288.html	Trust: 0.8
url:	http://cwe.mitre.org/data/definitions/284.html	Trust: 0.8
url:	http://cwe.mitre.org/data/definitions/259.html	Trust: 0.8
url:	http://www.servision.net/downloads/	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0930	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu93153088/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0930	Trust: 0.8

sources: CERT/CC: VU#522460 // CNVD: CNVD-2015-00903 // VULHUB: VHN-78876 // JVNDB: JVNDB-2015-001446 // CNNVD: CNNVD-201502-047 // NVD: CVE-2015-0930

CREDITS

Richard Tafoya

Trust: 0.9

sources: BID: 72433 // CNNVD: CNNVD-201502-047

SOURCES

db:	CERT/CC	id:	VU#522460
db:	CNVD	id:	CNVD-2015-00903
db:	VULHUB	id:	VHN-78876
db:	BID	id:	72433
db:	JVNDB	id:	JVNDB-2015-001446
db:	CNNVD	id:	CNNVD-201502-047
db:	NVD	id:	CVE-2015-0930

LAST UPDATE DATE

2025-04-12T23:04:51.554000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#522460	date:	2015-02-02T00:00:00
db:	CNVD	id:	CNVD-2015-00903	date:	2015-02-05T00:00:00
db:	VULHUB	id:	VHN-78876	date:	2015-02-04T00:00:00
db:	BID	id:	72433	date:	2015-02-02T00:00:00
db:	JVNDB	id:	JVNDB-2015-001446	date:	2015-02-13T00:00:00
db:	CNNVD	id:	CNNVD-201502-047	date:	2015-03-03T00:00:00
db:	NVD	id:	CVE-2015-0930	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#522460	date:	2015-02-02T00:00:00
db:	CNVD	id:	CNVD-2015-00903	date:	2015-02-05T00:00:00
db:	VULHUB	id:	VHN-78876	date:	2015-02-03T00:00:00
db:	BID	id:	72433	date:	2015-02-02T00:00:00
db:	JVNDB	id:	JVNDB-2015-001446	date:	2015-02-13T00:00:00
db:	CNNVD	id:	CNNVD-201502-047	date:	2015-02-03T00:00:00
db:	NVD	id:	CVE-2015-0930	date:	2015-02-03T22:59:03.940