TVN ID | TVN-202411014 |
---|---|
CVE ID | CVE-2024-11120 |
CVSS | 9.8 (Critical) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Affected Products | GV-VS12 GV-VS11 GV-DSP_LPR_V3 GVLX 4 V2 GVLX 4 V3 |
Description | Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports. |
Solution | The affected devices are no longer being maintained. It is recommended to replace them. |
Credit | Piotr Kijewski (The Shadowserver Foundation) |
Public Date | 2024-11-15 |