Vulnerability Details CVE-2024-11120
Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports.
Exploit prediction scoring system (EPSS) score
EPSS Score: 0.546
EPSS Ranking: 97.9%
CVSS Severity
CVSS v3 Score: 9.8
Proposed Action
Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to inject and execute arbitrary system commands. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue use of the affected products.
Ransomware Campaign
Unknown
Products affected by CVE-2024-11120
- cpe:2.3:h:geovision:gv-dsp_lpr:3.0
- cpe:2.3:h:geovision:gv-vs11:-
- cpe:2.3:h:geovision:gv-vs12:-
- cpe:2.3:h:geovision:gvlx_4:2.0
- cpe:2.3:h:geovision:gvlx_4:3.0
- cpe:2.3:o:geovision:gv-dsp_lpr_firmware:-
- cpe:2.3:o:geovision:gv-vs11_firmware:-
- cpe:2.3:o:geovision:gv-vs12_firmware:-
- cpe:2.3:o:geovision:gvlx_4_firmware:-