Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/en/cp-139-8237-26d7a-2.html | Third Party Advisory |
https://www.twcert.org.tw/tw/cp-132-8236-d4836-1.html | Third Party Advisory |
https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnet | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
History
09 May 2025, 14:22
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnet - Exploit, Third Party Advisory |
07 May 2025, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
05 Dec 2024, 15:30
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.twcert.org.tw/en/cp-139-8237-26d7a-2.html - Third Party Advisory | |
References | () https://www.twcert.org.tw/tw/cp-132-8236-d4836-1.html - Third Party Advisory | |
CPE | cpe:2.3:h:geovision:gv-vs11:-:*:*:*:*:*:*:* cpe:2.3:o:geovision:gvlx_4_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:geovision:gvlx_4:2.0:*:*:*:*:*:*:* cpe:2.3:h:geovision:gvlx_4:3.0:*:*:*:*:*:*:* cpe:2.3:h:geovision:gv-vs12:-:*:*:*:*:*:*:* cpe:2.3:o:geovision:gv-vs12_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:geovision:gv-vs11_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:geovision:gv-dsp_lpr:3.0:*:*:*:*:*:*:* cpe:2.3:o:geovision:gv-dsp_lpr_firmware:-:*:*:*:*:*:*:* |
|
First Time |
Geovision gv-vs11
Geovision gvlx 4 Firmware Geovision gv-vs12 Geovision Geovision gv-vs11 Firmware Geovision gv-vs12 Firmware Geovision gv-dsp Lpr Firmware Geovision gv-dsp Lpr Geovision gvlx 4 |
15 Nov 2024, 13:58
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
15 Nov 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-11-15 02:15
Updated : 2025-05-09 14:22
NVD link : CVE-2024-11120
Mitre link : CVE-2024-11120
CVE.ORG link : CVE-2024-11120
JSON object : View
Products Affected
geovision
- gvlx_4_firmware
- gv-vs11
- gv-vs12
- gvlx_4
- gv-dsp_lpr
- gv-dsp_lpr_firmware
- gv-vs11_firmware
- gv-vs12_firmware
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')