TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

GeoVision EOL device - OS Command Injection

TVN ID TVN-202406015
CVE ID CVE-2024-6047
CVSS 9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
DSP LPR:
GV_DSP_LPR_V2
IP Camera:
GV_IPCAMD_GV_BX130
GV_IPCAMD_GV_BX1500
GV_IPCAMD_GV_CB220
GV_IPCAMD_GV_EBL1100
GV_IPCAMD_GV_EFD1100
GV_IPCAMD_GV_FD2410
GV_IPCAMD_GV_FD3400
GV_IPCAMD_GV_FE3401
GV_IPCAMD_GV_FE420
Video Server:
GV_GM8186_VS14
GV-VS14_VS14
GV_VS03
GV_VS2410
GV_VS28XX
GV_VS216XX
GV VS04A
GV VS04H
DVR:
GVLX 4 V2
GVLX 4 V3
Description Certain EOL GeoVision devices fail to properly filter user input for a specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.
Solution The product is no longer supported. Please retire the affected devices.
Credit Yu-Chieh Kuo, Shi-Yi Xie, Cih-Che Chang, Li-Fan Cheng, AnWei Kung (National Institute of Cyber Security)
Public Date 2024-06-17