9.8
CVE-2024-6047
- EPSS 74.88%
- Published 17.06.2024 06:15:09
- Last modified 09.05.2025 14:23:04
- Source twcert@cert.org.tw
- Teams watchlist Login
- Open Login
Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.
Data is provided by the National Vulnerability Database (NVD)
Geovision ≫ Gv-dsp Lpr Firmware Version-
Geovision ≫ Gv Ipcamd Gv Bx130 Firmware Version-
Geovision ≫ Gv Ipcamd Gv Bx1500 Firmware Version-
Geovision ≫ Gv Ipcamd Gv Cb220 Firmware Version-
Geovision ≫ Gv Ipcamd Gv Ebl1100 Firmware Version-
Geovision ≫ Gv Ipcamd Gv Efd1100 Firmware Version-
Geovision ≫ Gv Ipcamd Gv Fd2410 Firmware Version-
Geovision ≫ Gv Ipcamd Gv Fd3400 Firmware Version-
Geovision ≫ Gv Ipcamd Gv Fe3401 Firmware Version-
Geovision ≫ Gv Ipcamd Gv Fe420 Firmware Version-
Geovision ≫ Gv Gm8186 Vs14 Firmware Version-
Geovision ≫ Gv-vs14 Vs14 Firmware Version-
Geovision ≫ Gv Vs03 Firmware Version-
Geovision ≫ Gv Vs2410 Firmware Version-
Geovision ≫ Gv Vs28xx Firmware Version-
Geovision ≫ Gv Vs216xx Firmware Version-
Geovision ≫ Gv Vs04a Firmware Version-
Geovision ≫ Gv Vs04h Firmware Version-
07.05.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog
GeoVision Devices OS Command Injection Vulnerability
VulnerabilityMultiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to inject and execute arbitrary system commands.
DescriptionApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Required actions| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 74.88% | 0.988 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| twcert@cert.org.tw | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.