Release Date: 2026/04/27
Advisory ID
GV-IPDU-2026-04-01
CVE ID
CVE-2026-7161
Affected Product
GV-IP Device Utility V9.0.5.0 or earlier
Security Issue
An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability.
Resolution
Reported vulnerability has been resolved with software update GV-IP Device Utility V9.0.7.0 and later versions which are available to download from GeoVision’s official download page at: Link
If you have any questions or concerns in regards the cybersecurity issue, please contact our cybersecurity team: security@geovision.com.tw.