CVE-2024-6047

GeoVision EOL device - OS Command Injection

CVSS 9.8 CRITICAL · EPSS 10.0% · CISA KEV · CWE-78
In short

Certain end-of-life (EOL) GeoVision devices let anyone who can reach them over the network run arbitrary commands on the device without a password, giving an attacker complete control of the system. Because the devices are no longer supported, no fix from the vendor is expected.

Technical detail

Unauthenticated OS command injection (CWE-78) caused by missing input validation in EOL GeoVision devices. A request parameter reaches a shell command unfiltered, so a remote attacker can append arbitrary shell commands and have them executed before any authentication, with the privileges of the device's web service. The attack vector is network-based and requires no user interaction, as the CVSS vector below reflects. The vendor description does not name the affected functionality or parameter. Because the affected models are end of life, no firmware update should be expected; the practical mitigation is to take the devices off the internet, segment them from other assets, or replace them. A device that is listed in CISA KEV should be treated as actively targeted.
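The bug class, illustrated as an added example that is not GeoVision's code: a CGI-style handler that splices a request parameter into a shell command line, next to a hardened version that allowlists the value and spawns the program without a shell. The page does not disclose which parameter or command is affected, so the `host` parameter and the `ping` command below are assumptions, and the injection payload is constructed for the illustration.

```c
/* Added illustration of CWE-78 as described in this advisory, not GeoVision's
 * code. The "host" parameter and the ping command are assumptions; the real
 * affected functionality is not named in the vendor description. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <unistd.h>
#include <sys/wait.h>

/* Vulnerable pattern: the untrusted parameter is formatted straight into a
 * command line that system()/popen() would hand to /bin/sh. Returns the
 * resulting string instead of executing it, so a payload's effect can be
 * inspected safely. Returns 0 on success, -1 if the buffer is too small. */
int build_cmd_vulnerable(const char *host, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "ping -c 1 %s", host);
    return (n >= 0 && (size_t)n < outlen) ? 0 : -1;
}

/* Allowlist validation for a hostname/IPv4 parameter: only [A-Za-z0-9.-],
 * 1..253 bytes, and no leading '-' so the value cannot become an option.
 * Shell metacharacters (; | & ` $ ( ) newline ...) never pass. */
int valid_host(const char *host)
{
    size_t len = strlen(host);
    if (len == 0 || len > 253 || host[0] == '-')
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)host[i];
        if (!(isalnum(c) || c == '.' || c == '-'))
            return 0;
    }
    return 1;
}

/* Hardened pattern: validate first, then execvp() with an argv array so no
 * shell ever parses the value. Returns the child's exit status, or -1 when
 * the value is rejected or the process cannot be spawned. */
int run_ping_safe(const char *host)
{
    if (!valid_host(host))
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { "ping", "-c", "1", "-W", "1", (char *)host, NULL };
        execvp("ping", argv);
        _exit(127);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed payload: ends the intended command and appends another. */
    const char *payload = "127.0.0.1; id > /tmp/pwned";
    char cmd[512];
    build_cmd_vulnerable(payload, cmd, sizeof cmd);
    printf("shell would receive: %s\n", cmd);
    printf("allowlist accepts payload: %d\n", valid_host(payload));
    printf("allowlist accepts 192.0.2.10: %d\n", valid_host("192.0.2.10"));
    printf("run_ping_safe(payload): %d\n", run_ping_safe(payload));
    return 0;
}
```

The fix is the combination of the two steps, not either alone: an allowlist keeps option and metacharacter injection out, and execvp() with an argv array removes the shell from the path entirely, so even a future validation gap cannot turn into command execution.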

Summary generated and translated by AI from the official description.
Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
