TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

GeoVision EOL devices - OS Command Injection

TVN ID: TVN-202411014

CVE ID: CVE-2024-11120

CVSS: 9.8 (Critical), vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products: GV-VS12, GV-VS11, GV-DSP_LPR_V3, GVLX 4 V2, GVLX 4 V3

Description: Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports.

Solution: The affected devices are no longer being maintained. It is recommended to replace them.

Credit: Piotr Kijewski (The Shadowserver Foundation)

Public Date: 2024-11-15