CVE-2024-6047

Warnung

Exploit

EPSS 74.88%
Veröffentlicht 17.06.2024 06:15:09
Zuletzt bearbeitet 09.05.2025 14:23:04
Quelle twcert@cert.org.tw
Teams Watchlist Login
Unerledigt Login

Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.

Betroffene Produkte Warnungen 1 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Geovision ≫ Gv-dsp Lpr Firmware Version-

Geovision ≫ Gv-dsp Lpr Version2.0

Geovision ≫ Gv Ipcamd Gv Bx130 Firmware Version-

Geovision ≫ Gv Ipcamd Gv Bx130 Version-

Geovision ≫ Gv Ipcamd Gv Bx1500 Firmware Version-

Geovision ≫ Gv Ipcamd Gv Bx1500 Version-

Geovision ≫ Gv Ipcamd Gv Cb220 Firmware Version-

Geovision ≫ Gv Ipcamd Gv Cb220 Version-

Geovision ≫ Gv Ipcamd Gv Ebl1100 Firmware Version-

Geovision ≫ Gv Ipcamd Gv Ebl1100 Version-

Geovision ≫ Gv Ipcamd Gv Efd1100 Firmware Version-

Geovision ≫ Gv Ipcamd Gv Efd1100 Version-

Geovision ≫ Gv Ipcamd Gv Fd2410 Firmware Version-

Geovision ≫ Gv Ipcamd Gv Fd2410 Version-

Geovision ≫ Gv Ipcamd Gv Fd3400 Firmware Version-

Geovision ≫ Gv Ipcamd Gv Fd3400 Version-

Geovision ≫ Gv Ipcamd Gv Fe3401 Firmware Version-

Geovision ≫ Gv Ipcamd Gv Fe3401 Version-

Geovision ≫ Gv Ipcamd Gv Fe420 Firmware Version-

Geovision ≫ Gv Ipcamd Gv Fe420 Version-

Geovision ≫ Gv Gm8186 Vs14 Firmware Version-

Geovision ≫ Gv Gm8186 Vs14 Version-

Geovision ≫ Gv-vs14 Vs14 Firmware Version-

Geovision ≫ Gv-vs14 Vs14 Version-

Geovision ≫ Gv Vs03 Firmware Version-

Geovision ≫ Gv Vs03 Version-

Geovision ≫ Gv Vs2410 Firmware Version-

Geovision ≫ Gv Vs2410 Version-

Geovision ≫ Gv Vs28xx Firmware Version-

Geovision ≫ Gv Vs216xx Firmware Version-

Geovision ≫ Gv Vs216xx Version-

Geovision ≫ Gv Vs04a Firmware Version-

Geovision ≫ Gv Vs04a Version-

Geovision ≫ Gv Vs04h Firmware Version-

Geovision ≫ Gv Vs04h Version-

Geovision ≫ Gvlx 4 Firmware Version-

Geovision ≫ Gvlx 4 Version2.0
Geovision ≫ Gvlx 4 Version3.0

07.05.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog

GeoVision Devices OS Command Injection Vulnerability

Schwachstelle

Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to inject and execute arbitrary system commands.

Beschreibung

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	74.88%	0.988

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
twcert@cert.org.tw	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html

Third Party Advisory

https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html

Third Party Advisory

https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnet

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-6047

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-6047

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-6047

EUVD