Geovision: Security Vulnerabilities
CVE-2024-11120
Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports.
Known exploited
CVSS Score
9.8
EPSS Score
0.546
Published
2024-11-15
CVE-2024-6047
Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.
Known exploited
CVSS Score
9.8
EPSS Score
0.754
Published
2024-06-17
In GeoVision GV-ADR2701 cameras, an attacker could edit the login response to access the web application.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-07-19
An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 for windows, which contains improper permissions within the default installation and allows attackers to execute arbitrary code and gain escalated privileges.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-05-04
Buffer overflow exists in Geovision Door Access Control device family, an unauthenticated remote attacker can execute arbitrary command.
CVSS Score
9.8
EPSS Score
0.017
Published
2020-07-08
GeoVision Door Access Control device family improperly stores and controls access to system logs, any users can read these logs.
CVSS Score
4.0
EPSS Score
0.001
Published
2020-06-12
A vulnerability of remote credential disclosure was discovered in Advan VD-1 firmware versions up to 230. An attacker can export system configuration which is not encrypted to get the administrator’s account and password in plain text via cgibin/ExportSettings.cgi?Export=1 without any authentication.
CVSS Score
9.8
EPSS Score
0.004
Published
2019-08-29
A XSS found in Advan VD-1 firmware versions up to 230. VD-1 responses a path error message when a requested resource was not found in page cgibin/ssi.cgi. It leads to a reflected XSS because the error message does not escape properly.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-08-29
A relative path traversal vulnerability found in Advan VD-1 firmware versions up to 230. It allows attackers to download arbitrary files via url cgibin/ExportSettings.cgi?Download=filepath, without any authentication.
CVSS Score
7.5
EPSS Score
0.004
Published
2019-08-29
Directory traversal vulnerability in geohttpserver in Geovision Digital Video Surveillance System 8.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET request.
CVSS Score
5.0
EPSS Score
0.121
Published
2011-09-12
Page 1