fkie_cve-2024-6047
Vulnerability from fkie_nvd
Published
2024-06-17 06:15
Modified
2025-05-09 14:23
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.
References
twcert@cert.org.twhttps://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.htmlThird Party Advisory
twcert@cert.org.twhttps://www.twcert.org.tw/tw/cp-132-7883-f5635-1.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.htmlThird Party Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnetExploit, Third Party Advisory
Impacted products
Vendor Product Version
geovision gv-dsp_lpr_firmware -
geovision gv-dsp_lpr 2.0
geovision gv_ipcamd_gv_bx130_firmware -
geovision gv_ipcamd_gv_bx130 -
geovision gv_ipcamd_gv_bx1500_firmware -
geovision gv_ipcamd_gv_bx1500 -
geovision gv_ipcamd_gv_cb220_firmware -
geovision gv_ipcamd_gv_cb220 -
geovision gv_ipcamd_gv_ebl1100_firmware -
geovision gv_ipcamd_gv_ebl1100 -
geovision gv_ipcamd_gv_efd1100_firmware -
geovision gv_ipcamd_gv_efd1100 -
geovision gv_ipcamd_gv_fd2410_firmware -
geovision gv_ipcamd_gv_fd2410 -
geovision gv_ipcamd_gv_fd3400_firmware -
geovision gv_ipcamd_gv_fd3400 -
geovision gv_ipcamd_gv_fe3401_firmware -
geovision gv_ipcamd_gv_fe3401 -
geovision gv_ipcamd_gv_fe420_firmware -
geovision gv_ipcamd_gv_fe420 -
geovision gv_gm8186_vs14_firmware -
geovision gv_gm8186_vs14 -
geovision gv-vs14_vs14_firmware -
geovision gv-vs14_vs14 -
geovision gv_vs03_firmware -
geovision gv_vs03 -
geovision gv_vs2410_firmware -
geovision gv_vs2410 -
geovision gv_vs28xx_firmware -
geovision gv_vs216xx_firmware -
geovision gv_vs216xx -
geovision gv_vs04a_firmware -
geovision gv_vs04a -
geovision gv_vs04h_firmware -
geovision gv_vs04h -
geovision gvlx_4_firmware -
geovision gvlx_4 2.0
geovision gvlx_4 3.0


To clipboard 

{
  "cisaActionDue": "2025-05-28",
  "cisaExploitAdd": "2025-05-07",
  "cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
  "cisaVulnerabilityName": "GeoVision Devices OS Command Injection Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:geovision:gv-dsp_lpr_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A816357-E53E-45DB-8655-2168D9B81F9F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:geovision:gv-dsp_lpr:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "154516B8-F25A-4426-8EA5-C27E0FB0DEEB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:geovision:gv_ipcamd_gv_bx130_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C7E9068-B0C2-4BA9-BBBE-88018F6E1ECB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:geovision:gv_ipcamd_gv_bx130:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F45BD759-67ED-41E8-936C-AF60D13D08B7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:geovision:gv_ipcamd_gv_bx1500_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "52B756CC-3EBB-412C-93DE-0A13EC8F351C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:geovision:gv_ipcamd_gv_bx1500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0682970-0181-4624-98EB-3DFD532FC544",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:geovision:gv_ipcamd_gv_cb220_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C57D7FF6-B98E-4B11-BCBD-56EA1DE6B4B1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:geovision:gv_ipcamd_gv_cb220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BEA1E46-35C8-4E50-A877-5BD9B5F05DBE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:geovision:gv_ipcamd_gv_ebl1100_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF6A2AC0-0130-4634-9B8C-E7A97E3EB96D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:geovision:gv_ipcamd_gv_ebl1100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DC06FEC-DF9C-4609-81EA-697856D05FEF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:geovision:gv_ipcamd_gv_efd1100_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BB3DF05-C757-4CA1-8F34-A21EBB541086",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:geovision:gv_ipcamd_gv_efd1100:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FB49A19-BFB2-42DC-90ED-D1951DCEB98B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:geovision:gv_ipcamd_gv_fd2410_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "12890B2C-8483-4BB8-89B8-44AF30A660F9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:geovision:gv_ipcamd_gv_fd2410:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F159EE17-8BFC-4A7E-9A28-CBC28D9F36E6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:geovision:gv_ipcamd_gv_fd3400_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "63B8E8F7-ABDE-4F64-B179-63757632E3BA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:geovision:gv_ipcamd_gv_fd3400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "49206BF6-C107-4D75-A980-060F8F7A3A18",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:geovision:gv_ipcamd_gv_fe3401_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C34FE68-E6B9-4F02-B1E4-910274A30FC9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:geovision:gv_ipcamd_gv_fe3401:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "64901613-1F8B-4406-BD5C-E2363AA8E95A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:geovision:gv_ipcamd_gv_fe420_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0970DE3D-8D63-4623-954C-119C055EC985",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:geovision:gv_ipcamd_gv_fe420:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F93892-27B6-4161-B791-F1CECC1A065F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:geovision:gv_gm8186_vs14_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A16D884B-01DD-47DD-BF7C-472C72D6A963",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:geovision:gv_gm8186_vs14:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3612EE1F-DB21-4C2D-9E16-C1560080EB7D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:geovision:gv-vs14_vs14_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "34AD0CE6-AB6A-4F0D-863D-4A0BE4B79A12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:geovision:gv-vs14_vs14:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B49A4E1-B587-442E-A243-0229DDC207B0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:geovision:gv_vs03_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F4FEB6A-4296-4159-9952-7E81A2F59915",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:geovision:gv_vs03:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD570DE5-22A6-4FC5-AA58-E564EC4073A1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:geovision:gv_vs2410_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "84F9F838-BDA5-43E0-9867-DF8B993B14AA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:geovision:gv_vs2410:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B037689D-0A74-4945-8200-4E1A662C2AEB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:geovision:gv_vs28xx_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C9707F0-D906-42FA-AC4D-1C8345DAB336",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:geovision:gv_vs216xx_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E985B3-A6B5-4EF4-A798-AD8C490E4AA4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:geovision:gv_vs216xx:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6019779D-7B09-459A-B4D0-E13D64493D4A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:geovision:gv_vs04a_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38B0EAB6-D680-49A9-8566-291D7C07ECEB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:geovision:gv_vs04a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DBAFCA5-81F9-4A39-8978-FAA5A750D2F8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:geovision:gv_vs04h_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A142CF2C-9151-4AA7-9D06-400F56CBE5B8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:geovision:gv_vs04h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C74BC02A-1265-4A48-B7A5-BB449B3ACCA4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:geovision:gvlx_4_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F102B6E2-FF3F-4A1A-B133-E06567EE6653",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:geovision:gvlx_4:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC0F181D-09E9-43CF-93A5-DA699F4436C5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:geovision:gvlx_4:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3699699F-80E7-44C8-8564-1448704BCCE0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [
    {
      "sourceIdentifier": "twcert@cert.org.tw",
      "tags": [
        "unsupported-when-assigned"
      ]
    }
  ],
  "descriptions": [
    {
      "lang": "en",
      "value": "Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device."
    },
    {
      "lang": "es",
      "value": "Ciertos dispositivos EOL GeoVision no filtran adecuadamente la entrada del usuario para la funcionalidad espec\u00edfica. Los atacantes remotos no autenticados pueden aprovechar esta vulnerabilidad para inyectar y ejecutar comandos arbitrarios del sistema en el dispositivo."
    }
  ],
  "id": "CVE-2024-6047",
  "lastModified": "2025-05-09T14:23:04.787",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "twcert@cert.org.tw",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-06-17T06:15:09.237",
  "references": [
    {
      "source": "twcert@cert.org.tw",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html"
    },
    {
      "source": "twcert@cert.org.tw",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnet"
    }
  ],
  "sourceIdentifier": "twcert@cert.org.tw",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "twcert@cert.org.tw",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.