CVE-2026-7161
CVE-2026-7161 is a critical-severity vulnerability in Geovision Gv-ip Device Utility with a CVSS 3.x base score of 9.3. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-656.
Key facts
- Severity: Critical (CVSS 3.x base score 9.3)
- EPSS exploit prediction: 0% (12th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2026-26862
- Weakness: CWE-656
- Affected product: Geovision Gv-ip Device Utility
- Published:
- Last modified:
Description
An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When interacting with various Geovision devices on the network, the utility may send privileged commands; in order to do so, the username and password of the device need to be provided. In some instances the command is broadcasted over UDP and the username/password are encrypted using a cryptographic protocol that appears to be derivated from Blowfish. However the symmetric key used for the encryption is also included in the packet, and thus the security of the username/password only relies on the "obscurity" of the encryption scheme. An attacker on the same LAN can listen to the broadcast traffic once an admin user interacts with the device, and decrypt the credentials using their own implementation of the algorithm. With this password the attacker would have full control over the device configuration, allowing them to change its ip address or even reset it to factory default.
Frequently asked questions
- What is CVE-2026-7161?
- An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When interacting with various Geovision devices on the network, the utility may send privileged commands; in order to do so, the username and password of the device need to be provided. In some instances the command is broadcasted over UDP and the username/password are encrypted using a cryptographic protocol that appears to be derivated from Blowfish. However the symmetric key used for the encryption is also included in the packet, and thus the security of the username/password only relies on the "obscurity" of the encryption scheme. An attacker on the same LAN can listen to the broadcast traffic once an admin user interacts with the device, and decrypt the credentials using their own implementation of the algorithm. With this password the attacker would have full control over the device configuration, allowing them to change its ip address or even reset it to factory default.
- How severe is CVE-2026-7161?
- CVE-2026-7161 has a CVSS 3.x base score of 9.3, rated critical severity. It is exploitable over network with low attack complexity, requires no privileges and user interaction. Impact on confidentiality is high, integrity none, and availability high.
- Is CVE-2026-7161 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (12th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2026-7161?
- CVE-2026-7161 affects Geovision Gv-ip Device Utility. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2026-7161?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its critical severity, prioritise patching exposed systems.
- Does CVE-2026-7161 have an EU (EUVD) identifier?
- Yes. CVE-2026-7161 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2026-26862.
- When was CVE-2026-7161 published?
- CVE-2026-7161 was published on 2026-05-04 and last updated on 2026-06-17.
References
- https://talosintelligence.com/vulnerability_reports/
- https://www.geovision.com.tw/cyber_security.php
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2322
Affected products (1)
- cpe:2.3:a:geovision:gv-ip_device_utility:9.0.5:*:*:*:*:*:*:*
Other CWE-656 vulnerabilities
- CVE-2026-42363 — Critical (CVSS 9.3): An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device…
- CVE-2024-12297 — Critical (CVSS 9.2): Moxa’s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism.…
- CVE-2020-10284 — Critical (CVSS 9.1): No authentication is required to control the robot inside the network, moreso the latest available user manual shows an…
- CVE-2025-59093 — High (CVSS 8.5): Exos 9300 instances are using a randomly generated database password to connect to the configured MSSQL server. The…
- CVE-2024-9138 — High (CVSS 7.2): Moxa’s cellular routers, secure routers, and network security appliances are affected by a high-severity…
- CVE-2020-10277 — Medium (CVSS 6.4): There is no mechanism in place to prevent a bad operator to boot from a live OS image, this can lead to extraction of…