Vulnerabilites related to GeoVision - GV-DSP_LPR_V3
CVE-2024-11120 (GCVE-0-2024-11120)
Vulnerability from cvelistv5
Published
2024-11-15 02:00
Modified
2025-07-30 01:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.twcert.org.tw/tw/cp-132-8236-d4836-1.html | third-party-advisory | |
| https://www.twcert.org.tw/en/cp-139-8237-26d7a-2.html | third-party-advisory |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:geovision:gv-vs12_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gv-vs12_firmware",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:geovision:gv-vs11_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gv-vs11_firmware",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:geovision:gv-dsp_lpr_v3_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gv-dsp_lpr_v3_firmware",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:geovision:gvlx_4_v2_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gvlx_4_v2_firmware",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:geovision:gvlx_4_v3_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gvlx_4_v3_firmware",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11120",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-07T17:12:05.450406Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-05-07",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-11120"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T01:36:26.267Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"url": "https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnet"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-07T00:00:00+00:00",
"value": "CVE-2024-11120 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GV-VS12",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GV-VS11",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GV-DSP_LPR_V3",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GVLX 4 V2",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GVLX 4 V3",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"datePublic": "2024-11-15T01:56:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports."
}
],
"value": "Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T02:00:27.361Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-8236-d4836-1.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/en/cp-139-8237-26d7a-2.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u0026nbsp; The affected devices are no longer being maintained. It is recommended to replace them.\u003cbr\u003e"
}
],
"value": "The affected devices are no longer being maintained. It is recommended to replace them."
}
],
"source": {
"advisory": "TVN-202411014",
"discovery": "EXTERNAL"
},
"tags": [
"unsupported-when-assigned",
"x_known-exploited-vulnerability"
],
"title": "GeoVision EOL devices - OS Command Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2024-11120",
"datePublished": "2024-11-15T02:00:27.361Z",
"dateReserved": "2024-11-12T06:23:33.571Z",
"dateUpdated": "2025-07-30T01:36:26.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}