Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for GV-DSP_LPR_V3 by GeoVision

    CVE-2024-11120 (GCVE-0-2024-11120)

    Vulnerability from nvd – Published: 2024-11-15 02:00 – Updated: 2025-10-21 22:55 Unsupported When Assigned X_Known Exploited Vulnerability
    VLAI CISA KEVIntel
    Title
    GeoVision EOL devices - OS Command Injection
    Summary
    Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    GeoVision GV-VS12 Affected: 0
    Create a notification for this product.
    GeoVision GV-VS11 Affected: 0
    Create a notification for this product.
    GeoVision GV-DSP_LPR_V3 Affected: 0
    Create a notification for this product.
    GeoVision GVLX 4 V2 Affected: 0
    Create a notification for this product.
    GeoVision GVLX 4 V3 Affected: 0
    Create a notification for this product.
    geovision gv-vs12_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:geovision:gv-vs12_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    geovision gv-vs11_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:geovision:gv-vs11_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    geovision gv-dsp_lpr_v3_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:geovision:gv-dsp_lpr_v3_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    geovision gvlx_4_v2_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:geovision:gvlx_4_v2_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    geovision gvlx_4_v3_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:geovision:gvlx_4_v3_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-11-15 01:56
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:geovision:gv-vs12_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gv-vs12_firmware",
                "vendor": "geovision",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:geovision:gv-vs11_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gv-vs11_firmware",
                "vendor": "geovision",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:geovision:gv-dsp_lpr_v3_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gv-dsp_lpr_v3_firmware",
                "vendor": "geovision",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:geovision:gvlx_4_v2_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gvlx_4_v2_firmware",
                "vendor": "geovision",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:geovision:gvlx_4_v3_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gvlx_4_v3_firmware",
                "vendor": "geovision",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-11120",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-07T17:12:05.450406Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2025-05-07",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-11120"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T22:55:36.559Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "url": "https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnet"
              },
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-11120"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2025-05-07T00:00:00.000Z",
                "value": "CVE-2024-11120 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GV-VS12",
              "vendor": "GeoVision",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GV-VS11",
              "vendor": "GeoVision",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GV-DSP_LPR_V3",
              "vendor": "GeoVision",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GVLX 4 V2",
              "vendor": "GeoVision",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GVLX 4 V3",
              "vendor": "GeoVision",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            }
          ],
          "datePublic": "2024-11-15T01:56:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports."
                }
              ],
              "value": "Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-15T02:00:27.361Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-8236-d4836-1.html"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/en/cp-139-8237-26d7a-2.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u0026nbsp; The affected devices are no longer being maintained. It is recommended to replace them.\u003cbr\u003e"
                }
              ],
              "value": "The affected devices are no longer being maintained. It is recommended to replace them."
            }
          ],
          "source": {
            "advisory": "TVN-202411014",
            "discovery": "EXTERNAL"
          },
          "tags": [
            "unsupported-when-assigned",
            "x_known-exploited-vulnerability"
          ],
          "title": "GeoVision EOL devices - OS Command Injection",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2024-11120",
        "datePublished": "2024-11-15T02:00:27.361Z",
        "dateReserved": "2024-11-12T06:23:33.571Z",
        "dateUpdated": "2025-10-21T22:55:36.559Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-11120 (GCVE-0-2024-11120)

    Vulnerability from cvelistv5 – Published: 2024-11-15 02:00 – Updated: 2025-10-21 22:55 Unsupported When Assigned X_Known Exploited Vulnerability
    VLAI CISA KEVIntel
    Title
    GeoVision EOL devices - OS Command Injection
    Summary
    Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports.
    SSVC
    Exploitation: active Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    GeoVision GV-VS12 Affected: 0
    Create a notification for this product.
    GeoVision GV-VS11 Affected: 0
    Create a notification for this product.
    GeoVision GV-DSP_LPR_V3 Affected: 0
    Create a notification for this product.
    GeoVision GVLX 4 V2 Affected: 0
    Create a notification for this product.
    GeoVision GVLX 4 V3 Affected: 0
    Create a notification for this product.
    geovision gv-vs12_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:geovision:gv-vs12_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    geovision gv-vs11_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:geovision:gv-vs11_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    geovision gv-dsp_lpr_v3_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:geovision:gv-dsp_lpr_v3_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    geovision gvlx_4_v2_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:geovision:gvlx_4_v2_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    geovision gvlx_4_v3_firmware Affected: 0 , < * (custom)
        cpe:2.3:o:geovision:gvlx_4_v3_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-11-15 01:56
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:o:geovision:gv-vs12_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gv-vs12_firmware",
                "vendor": "geovision",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:geovision:gv-vs11_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gv-vs11_firmware",
                "vendor": "geovision",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:geovision:gv-dsp_lpr_v3_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gv-dsp_lpr_v3_firmware",
                "vendor": "geovision",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:geovision:gvlx_4_v2_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gvlx_4_v2_firmware",
                "vendor": "geovision",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:geovision:gvlx_4_v3_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "gvlx_4_v3_firmware",
                "vendor": "geovision",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-11120",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-07T17:12:05.450406Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2025-05-07",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-11120"
                  },
                  "type": "kev"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T22:55:36.559Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "url": "https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnet"
              },
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-11120"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2025-05-07T00:00:00.000Z",
                "value": "CVE-2024-11120 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GV-VS12",
              "vendor": "GeoVision",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GV-VS11",
              "vendor": "GeoVision",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GV-DSP_LPR_V3",
              "vendor": "GeoVision",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GVLX 4 V2",
              "vendor": "GeoVision",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "GVLX 4 V3",
              "vendor": "GeoVision",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            }
          ],
          "datePublic": "2024-11-15T01:56:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports."
                }
              ],
              "value": "Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-88",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-88 OS Command Injection"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-15T02:00:27.361Z",
            "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
            "shortName": "twcert"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/tw/cp-132-8236-d4836-1.html"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.twcert.org.tw/en/cp-139-8237-26d7a-2.html"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u0026nbsp; The affected devices are no longer being maintained. It is recommended to replace them.\u003cbr\u003e"
                }
              ],
              "value": "The affected devices are no longer being maintained. It is recommended to replace them."
            }
          ],
          "source": {
            "advisory": "TVN-202411014",
            "discovery": "EXTERNAL"
          },
          "tags": [
            "unsupported-when-assigned",
            "x_known-exploited-vulnerability"
          ],
          "title": "GeoVision EOL devices - OS Command Injection",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "assignerShortName": "twcert",
        "cveId": "CVE-2024-11120",
        "datePublished": "2024-11-15T02:00:27.361Z",
        "dateReserved": "2024-11-12T06:23:33.571Z",
        "dateUpdated": "2025-10-21T22:55:36.559Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }