CVE-2024-6047

Warnung

Exploit

EPSS 72.97%
Veröffentlicht 17.06.2024 06:15:09
Zuletzt bearbeitet 30.10.2025 19:23:34
Quelle twcert@cert.org.tw
CVE-Watchlists
Login
Unerledigt
Login

Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.

Betroffene Produkte Warnungen 1 Metriken 2 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Geovision ≫ Gv-dsp Lpr Firmware Version-

Geovision ≫ Gv-dsp Lpr Version2.0

Geovision ≫ Gv-bx130 Firmware Version-

Geovision ≫ Gv-bx130 Version-

Geovision ≫ Gv-bx1500 Firmware Version-

Geovision ≫ Gv-bx1500 Version-

Geovision ≫ Gv-cb220 Firmware Version-

Geovision ≫ Gv-cb220 Version-

Geovision ≫ Gv-ebl1100 Firmware Version-

Geovision ≫ Gv-ebl1100 Version-

Geovision ≫ Gv-efd1100 Firmware Version-

Geovision ≫ Gv-efd1100 Version-

Geovision ≫ Gv-fd2410 Firmware Version-

Geovision ≫ Gv-fd2410 Version-

Geovision ≫ Gv-fd3400 Firmware Version-

Geovision ≫ Gv-fd3400 Version-

Geovision ≫ Gv-fe3401 Firmware Version-

Geovision ≫ Gv-fe3401 Version-

Geovision ≫ Gv-fe420 Firmware Version-

Geovision ≫ Gv-fe420 Version-

Geovision ≫ Gv-gm8186 Vs14 Firmware Version-

Geovision ≫ Gv-gm8186 Vs14 Version-

Geovision ≫ Gv-vs14 Firmware Version-

Geovision ≫ Gv-vs14 Version-

Geovision ≫ Gv-vs03 Firmware Version-

Geovision ≫ Gv-vs03 Version-

Geovision ≫ Gv-vs2410 Firmware Version-

Geovision ≫ Gv-vs2410 Version-

Geovision ≫ Gv-vs21600 Firmware Version-

Geovision ≫ Gv-vs21600 Version-

Geovision ≫ Gv-vs04a Firmware Version-

Geovision ≫ Gv-vs04a Version-

Geovision ≫ Gv-vs04h Firmware Version-

Geovision ≫ Gv-vs04h Version-

Geovision ≫ Gvlx 4 Firmware Version-

Geovision ≫ Gvlx 4 Version2.0
Geovision ≫ Gvlx 4 Version3.0

Geovision ≫ Gv-vs2800 Firmware Version-

Geovision ≫ Gv-vs2800 Version-

Geovision ≫ Gv-vs2820 Firmware Version-

Geovision ≫ Gv-vs2820 Version-

07.05.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog

GeoVision Devices OS Command Injection Vulnerability

Schwachstelle

Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to inject and execute arbitrary system commands.

Beschreibung

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	72.97%	0.987

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
twcert@cert.org.tw	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html

Third Party Advisory

https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html

Third Party Advisory

https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnet

Third Party Advisory

Exploit

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-6047

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2024-6047

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-6047

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-6047

EUVD