Vulnerability Details CVE-2024-6047
Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.754
EPSS Ranking 98.8%
CVSS Severity
CVSS v3 Score 9.8
Proposed Action
Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to inject and execute arbitrary system commands. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Ransomware Campaign
Unknown
References
- https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html
- https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html
- https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html
- https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html
- https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnet
Products affected by CVE-2024-6047
-
cpe:2.3:h:geovision:gv-dsp_lpr:2.0
-
cpe:2.3:h:geovision:gv-vs14_vs14:-
-
cpe:2.3:h:geovision:gv_gm8186_vs14:-
-
cpe:2.3:h:geovision:gv_ipcamd_gv_bx130:-
-
cpe:2.3:h:geovision:gv_ipcamd_gv_bx1500:-
-
cpe:2.3:h:geovision:gv_ipcamd_gv_cb220:-
-
cpe:2.3:h:geovision:gv_ipcamd_gv_ebl1100:-
-
cpe:2.3:h:geovision:gv_ipcamd_gv_efd1100:-
-
cpe:2.3:h:geovision:gv_ipcamd_gv_fd2410:-
-
cpe:2.3:h:geovision:gv_ipcamd_gv_fd3400:-
-
cpe:2.3:h:geovision:gv_ipcamd_gv_fe3401:-
-
cpe:2.3:h:geovision:gv_ipcamd_gv_fe420:-
-
cpe:2.3:h:geovision:gv_vs03:-
-
cpe:2.3:h:geovision:gv_vs04a:-
-
cpe:2.3:h:geovision:gv_vs04h:-
-
cpe:2.3:h:geovision:gv_vs216xx:-
-
cpe:2.3:h:geovision:gv_vs2410:-
-
cpe:2.3:h:geovision:gvlx_4:2.0
-
cpe:2.3:h:geovision:gvlx_4:3.0
-
cpe:2.3:o:geovision:gv-dsp_lpr_firmware:-
-
cpe:2.3:o:geovision:gv-vs14_vs14_firmware:-
-
cpe:2.3:o:geovision:gv_gm8186_vs14_firmware:-
-
cpe:2.3:o:geovision:gv_ipcamd_gv_bx130_firmware:-
-
cpe:2.3:o:geovision:gv_ipcamd_gv_bx1500_firmware:-
-
cpe:2.3:o:geovision:gv_ipcamd_gv_cb220_firmware:-
-
cpe:2.3:o:geovision:gv_ipcamd_gv_ebl1100_firmware:-
-
cpe:2.3:o:geovision:gv_ipcamd_gv_efd1100_firmware:-
-
cpe:2.3:o:geovision:gv_ipcamd_gv_fd2410_firmware:-
-
cpe:2.3:o:geovision:gv_ipcamd_gv_fd3400_firmware:-
-
cpe:2.3:o:geovision:gv_ipcamd_gv_fe3401_firmware:-
-
cpe:2.3:o:geovision:gv_ipcamd_gv_fe420_firmware:-
-
cpe:2.3:o:geovision:gv_vs03_firmware:-
-
cpe:2.3:o:geovision:gv_vs04a_firmware:-
-
cpe:2.3:o:geovision:gv_vs04h_firmware:-
-
cpe:2.3:o:geovision:gv_vs216xx_firmware:-
-
cpe:2.3:o:geovision:gv_vs2410_firmware:-
-
cpe:2.3:o:geovision:gv_vs28xx_firmware:-
-
cpe:2.3:o:geovision:gvlx_4_firmware:-