    36 vulnerabilities found for GeoWebPlayer by GeoVision Inc.

    CVE-2026-57278 (GCVE-0-2026-57278)

    Vulnerability from nvd – Published: 2026-07-02 02:26 – Updated: 2026-07-02 12:33
    Title
    GeoVision GeoWebPlayer Websocket Server connectInfo handler stack-based buffer overflow vulnerability
    Summary
    GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.
    The Websocket server can accept various commands coming from localhost. One of them, `connectionInfo`, is meant to provide the necessary details to connect to a camera. The handler associated with this command that we call `handle_connection_info` contains multiple instances of string copy that can overflow. The function `handle_connect_info` copies attacker-controlled JSON strings into fixed-size buffers using manual byte-by-byte loops that do not enforce length limits.
    Buffer Overflow in ip field
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    GV
    References
    Impacted products
    Vendor Product Version
    GeoVision Inc. GeoWebPlayer Affected: V1.1.1.0
    Unaffected: V1.1.3.0
    Date Public
    2026-06-24 00:39
    Credits
    Philippe Laulheret of Cisco Talos; Kelly Patterson of Cisco Talos; Robert Sherwin of Cisco Talos

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57278",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T12:33:29.291886Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T12:33:49.256Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "GeoWebPlayer",
              "platforms": [
                "Windows",
                "64 bit"
              ],
              "product": "GeoWebPlayer",
              "vendor": "GeoVision Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.1.1.0"
                },
                {
                  "status": "unaffected",
                  "version": "V1.1.3.0"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:windows:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:windows:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Philippe Laulheret of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Kelly Patterson of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Robert Sherwin of Cisco Talos"
            }
          ],
          "datePublic": "2026-06-24T00:39:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eGeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\u003cbr\u003e\u003cbr\u003eThe Websocket server can accept various commands coming from localhost. One of them, `connectionInfo` is meant to provide the necessary details to connect to a camera. The handler associated with this command that we call`handle_connection_info` contains multiple instances of string copy that can overflow. The function `handle_connect_info` copies attacker-controlled JSON strings into fixed-size buffers using manual byte-by-byte loops that do not enforce length limits.\u003cbr\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e#### Buffer Overflow in ip field\u003cbr\u003e\u003cbr\u003e\u003c/div\u003e"
                }
              ],
              "value": "GeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\n\nThe Websocket server can accept various commands coming from localhost. One of them, `connectionInfo` is meant to provide the necessary details to connect to a camera. The handler associated with this command that we call`handle_connection_info` contains multiple instances of string copy that can overflow. The function `handle_connect_info` copies attacker-controlled JSON strings into fixed-size buffers using manual byte-by-byte loops that do not enforce length limits.\n\n\n\n\n#### Buffer Overflow in ip field"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 - Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T02:26:09.613Z",
            "orgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
            "shortName": "GV"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.geovision.com.tw/cyber_security.php"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2375"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0\u0026nbsp;"
                }
              ],
              "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "GeoVision GeoWebPlayer Websocket Server connectInfo handler stack-based buffer overflow vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
        "assignerShortName": "GV",
        "cveId": "CVE-2026-57278",
        "datePublished": "2026-07-02T02:26:09.613Z",
        "dateReserved": "2026-06-24T05:48:05.704Z",
        "dateUpdated": "2026-07-02T12:33:49.256Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57277 (GCVE-0-2026-57277)

    Vulnerability from nvd – Published: 2026-07-02 02:25 – Updated: 2026-07-02 12:34
    Title
    GeoVision GeoWebPlayer Websocket Server connectInfo handler stack-based buffer overflow vulnerability
    Summary
    GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.
    The Websocket server can accept various commands coming from localhost. One of them, `connectionInfo`, is meant to provide the necessary details to connect to a camera. The handler associated with this command that we call `handle_connection_info` contains multiple instances of string copy that can overflow. The function `handle_connect_info` copies attacker-controlled JSON strings into fixed-size buffers using manual byte-by-byte loops that do not enforce length limits.
    Buffer Overflow in key field
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    GV
    References
    Impacted products
    Vendor Product Version
    GeoVision Inc. GeoWebPlayer Affected: V1.1.1.0
    Unaffected: V1.1.3.0
    Date Public
    2026-06-24 00:39
    Credits
    Philippe Laulheret of Cisco Talos; Kelly Patterson of Cisco Talos; Robert Sherwin of Cisco Talos

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57277",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T12:34:21.242964Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T12:34:29.480Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "GeoWebPlayer",
              "platforms": [
                "Windows",
                "64 bit"
              ],
              "product": "GeoWebPlayer",
              "vendor": "GeoVision Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.1.1.0"
                },
                {
                  "status": "unaffected",
                  "version": "V1.1.3.0"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:windows:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:windows:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Philippe Laulheret of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Kelly Patterson of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Robert Sherwin of Cisco Talos"
            }
          ],
          "datePublic": "2026-06-24T00:39:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eGeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\u003cbr\u003e\u003cbr\u003eThe Websocket server can accept various commands coming from localhost. One of them, `connectionInfo` is meant to provide the necessary details to connect to a camera. The handler associated with this command that we call`handle_connection_info` contains multiple instances of string copy that can overflow. The function `handle_connect_info` copies attacker-controlled JSON strings into fixed-size buffers using manual byte-by-byte loops that do not enforce length limits.\u003cbr\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e#### Buffer Overflow in key field\u003cbr\u003e\u003cbr\u003e\u003c/div\u003e"
                }
              ],
              "value": "GeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\n\nThe Websocket server can accept various commands coming from localhost. One of them, `connectionInfo` is meant to provide the necessary details to connect to a camera. The handler associated with this command that we call`handle_connection_info` contains multiple instances of string copy that can overflow. The function `handle_connect_info` copies attacker-controlled JSON strings into fixed-size buffers using manual byte-by-byte loops that do not enforce length limits.\n\n\n\n\n#### Buffer Overflow in key field"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 - Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T02:25:34.916Z",
            "orgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
            "shortName": "GV"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.geovision.com.tw/cyber_security.php"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2375"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0\u0026nbsp;"
                }
              ],
              "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "GeoVision GeoWebPlayer Websocket Server connectInfo handler stack-based buffer overflow vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
        "assignerShortName": "GV",
        "cveId": "CVE-2026-57277",
        "datePublished": "2026-07-02T02:25:34.916Z",
        "dateReserved": "2026-06-24T05:48:05.704Z",
        "dateUpdated": "2026-07-02T12:34:29.480Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57276 (GCVE-0-2026-57276)

    Vulnerability from nvd – Published: 2026-07-02 02:25 – Updated: 2026-07-02 12:32
    Title
    GeoVision GeoWebPlayer Websocket Server connectInfo handler stack-based buffer overflow vulnerability
    Summary
    GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.
    The Websocket server can accept various commands coming from localhost. One of them, `connectionInfo`, is meant to provide the necessary details to connect to a camera. The handler associated with this command that we call `handle_connection_info` contains multiple instances of string copy that can overflow. The function `handle_connect_info` copies attacker-controlled JSON strings into fixed-size buffers using manual byte-by-byte loops that do not enforce length limits.
    Buffer Overflow in password field (key present)
    SSVC
    Exploitation: none; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    GV
    References
    Impacted products
    Vendor Product Version
    GeoVision Inc. GeoWebPlayer Affected: V1.1.1.0
    Unaffected: V1.1.3.0
    Date Public
    2026-06-24 00:39
    Credits
    Philippe Laulheret of Cisco Talos; Kelly Patterson of Cisco Talos; Robert Sherwin of Cisco Talos

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57276",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T12:32:44.040075Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T12:32:50.311Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "GeoWebPlayer",
              "platforms": [
                "Windows",
                "64 bit"
              ],
              "product": "GeoWebPlayer",
              "vendor": "GeoVision Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.1.1.0"
                },
                {
                  "status": "unaffected",
                  "version": "V1.1.3.0"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:windows:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:windows:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Philippe Laulheret of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Kelly Patterson of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Robert Sherwin of Cisco Talos"
            }
          ],
          "datePublic": "2026-06-24T00:39:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003eGeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\u003cbr\u003e\u003cbr\u003eThe Websocket server can accept various commands coming from localhost. One of them, `connectionInfo` is meant to provide the necessary details to connect to a camera. The handler associated with this command that we call`handle_connection_info` contains multiple instances of string copy that can overflow. The function `handle_connect_info` copies attacker-controlled JSON strings into fixed-size buffers using manual byte-by-byte loops that do not enforce length limits. \n\u003cbr\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e#### Buffer Overflow in password field (key present)\u003cbr\u003e\u003cbr\u003e\u003c/div\u003e"
                }
              ],
              "value": "GeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\n\nThe Websocket server can accept various commands coming from localhost. One of them, `connectionInfo` is meant to provide the necessary details to connect to a camera. The handler associated with this command that we call`handle_connection_info` contains multiple instances of string copy that can overflow. The function `handle_connect_info` copies attacker-controlled JSON strings into fixed-size buffers using manual byte-by-byte loops that do not enforce length limits. \n\n\n\n\n#### Buffer Overflow in password field (key present)"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 - Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T02:25:09.701Z",
            "orgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
            "shortName": "GV"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.geovision.com.tw/cyber_security.php"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2375"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0\u0026nbsp;"
                }
              ],
              "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "GeoVision GeoWebPlayer Websocket Server connectInfo handler stack-based buffer overflow vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
        "assignerShortName": "GV",
        "cveId": "CVE-2026-57276",
        "datePublished": "2026-07-02T02:25:09.701Z",
        "dateReserved": "2026-06-24T05:48:05.704Z",
        "dateUpdated": "2026-07-02T12:32:50.311Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57275 (GCVE-0-2026-57275)

    Vulnerability from nvd – Published: 2026-07-02 02:24 – Updated: 2026-07-02 12:34
    Title
    GeoVision GeoWebPlayer Websocket Server connectInfo handler stack-based buffer overflow vulnerability
    Summary
    GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.
    The Websocket server can accept various commands coming from localhost. One of them, `connectionInfo`, is meant to provide the necessary details to connect to a camera. The handler associated with this command that we call `handle_connection_info` contains multiple instances of string copy that can overflow. The function `handle_connect_info` copies attacker-controlled JSON strings into fixed-size buffers using manual byte-by-byte loops that do not enforce length limits.
    Buffer Overflow in username field (key present)
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    GV
    References
    Impacted products
    Vendor Product Version
    GeoVision Inc. GeoWebPlayer Affected: V1.1.1.0
    Unaffected: V1.1.3.0
    Date Public
    2026-06-24 00:39
    Credits
    Philippe Laulheret of Cisco Talos; Kelly Patterson of Cisco Talos; Robert Sherwin of Cisco Talos

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57275",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T12:34:50.765098Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T12:34:58.181Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "GeoWebPlayer",
              "platforms": [
                "Windows",
                "64 bit"
              ],
              "product": "GeoWebPlayer",
              "vendor": "GeoVision Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.1.1.0"
                },
                {
                  "status": "unaffected",
                  "version": "V1.1.3.0"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:windows:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:windows:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Philippe Laulheret of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Kelly Patterson of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Robert Sherwin of Cisco Talos"
            }
          ],
          "datePublic": "2026-06-24T00:39:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eGeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\u003cbr\u003e\u003cbr\u003eThe Websocket server can accept various commands coming from localhost. One of them, `connectionInfo` is meant to provide the necessary details to connect to a camera. The handler associated with this command that we call`handle_connection_info` contains multiple instances of string copy that can overflow. The function `handle_connect_info` copies attacker-controlled JSON strings into fixed-size buffers using manual byte-by-byte loops that do not enforce length limits.\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e#### Buffer Overflow in username field (key present)\u003cbr\u003e\u003cbr\u003e\u003c/div\u003e"
                }
              ],
              "value": "GeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\n\nThe Websocket server can accept various commands coming from localhost. One of them, `connectionInfo` is meant to provide the necessary details to connect to a camera. The handler associated with this command that we call`handle_connection_info` contains multiple instances of string copy that can overflow. The function `handle_connect_info` copies attacker-controlled JSON strings into fixed-size buffers using manual byte-by-byte loops that do not enforce length limits.\n\n\n\n\n#### Buffer Overflow in username field (key present)"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 - Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T02:24:39.554Z",
            "orgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
            "shortName": "GV"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.geovision.com.tw/cyber_security.php"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2375"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0\u0026nbsp;"
                }
              ],
              "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "GeoVision GeoWebPlayer Websocket Server connectInfo handler stack-based buffer overflow vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
        "assignerShortName": "GV",
        "cveId": "CVE-2026-57275",
        "datePublished": "2026-07-02T02:24:39.554Z",
        "dateReserved": "2026-06-24T05:48:05.704Z",
        "dateUpdated": "2026-07-02T12:34:58.181Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57274 (GCVE-0-2026-57274)

    Vulnerability from nvd – Published: 2026-07-02 02:24 – Updated: 2026-07-02 12:36
    Title
    GeoVision GeoWebPlayer Websocket Server connectInfo handler stack-based buffer overflow vulnerability
    Summary
    GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly. The Websocket server can accept various commands coming from localhost. One of them, `connectionInfo`, is meant to provide the necessary details to connect to a camera. The handler associated with this command, which we call `handle_connection_info`, contains multiple instances of string copy that can overflow. The function `handle_connect_info` copies attacker-controlled JSON strings into fixed-size buffers using manual byte-by-byte loops that do not enforce length limits.
    #### Buffer Overflow in password field (no key present)
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    GV
    References
    Impacted products
    Vendor Product Version
    GeoVision Inc. GeoWebPlayer Affected: V1.1.1.0
    Unaffected: V1.1.3.0
    Date Public
    2026-06-24 00:39
    Credits
    Philippe Laulheret of Cisco Talos; Kelly Patterson of Cisco Talos; Robert Sherwin of Cisco Talos

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57274",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T12:36:00.897533Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T12:36:12.891Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "GeoWebPlayer",
              "platforms": [
                "Windows",
                "64 bit"
              ],
              "product": "GeoWebPlayer",
              "vendor": "GeoVision Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.1.1.0"
                },
                {
                  "status": "unaffected",
                  "version": "V1.1.3.0"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:windows:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:windows:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Philippe Laulheret of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Kelly Patterson of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Robert Sherwin of Cisco Talos"
            }
          ],
          "datePublic": "2026-06-24T00:39:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eGeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\u003cbr\u003e\u003cbr\u003eThe Websocket server can accept various commands coming from localhost. One of them, `connectionInfo` is meant to provide the necessary details to connect to a camera. The handler associated with this command that we call`handle_connection_info` contains multiple instances of string copy that can overflow. The function `handle_connect_info` copies attacker-controlled JSON strings into fixed-size buffers using manual byte-by-byte loops that do not enforce length limits.\u003cbr\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e#### Buffer Overflow in password field (no key present)\u003cbr\u003e\u003cbr\u003e\u003c/div\u003e"
                }
              ],
              "value": "GeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\n\nThe Websocket server can accept various commands coming from localhost. One of them, `connectionInfo` is meant to provide the necessary details to connect to a camera. The handler associated with this command that we call`handle_connection_info` contains multiple instances of string copy that can overflow. The function `handle_connect_info` copies attacker-controlled JSON strings into fixed-size buffers using manual byte-by-byte loops that do not enforce length limits.\n\n\n\n\n\n#### Buffer Overflow in password field (no key present)"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 - Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T02:24:11.611Z",
            "orgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
            "shortName": "GV"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.geovision.com.tw/cyber_security.php"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2375"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0\u0026nbsp;"
                }
              ],
              "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "GeoVision GeoWebPlayer Websocket Server connectInfo handler stack-based buffer overflow vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
        "assignerShortName": "GV",
        "cveId": "CVE-2026-57274",
        "datePublished": "2026-07-02T02:24:11.611Z",
        "dateReserved": "2026-06-24T05:48:05.704Z",
        "dateUpdated": "2026-07-02T12:36:12.891Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57273 (GCVE-0-2026-57273)

    Vulnerability from nvd – Published: 2026-07-02 02:23 – Updated: 2026-07-02 12:37
    Title
    GeoVision GeoWebPlayer Websocket Server connectInfo handler stack-based buffer overflow vulnerability
    Summary
    GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly. The Websocket server can accept various commands coming from localhost. One of them, `connectionInfo`, is meant to provide the necessary details to connect to a camera. The handler associated with this command, which we call `handle_connection_info`, contains multiple instances of string copy that can overflow. The function `handle_connect_info` copies attacker-controlled JSON strings into fixed-size buffers using manual byte-by-byte loops that do not enforce length limits.
    #### Buffer Overflow in username field (no key present)
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    GV
    References
    Impacted products
    Vendor Product Version
    GeoVision Inc. GeoWebPlayer Affected: V1.1.1.0
    Unaffected: V1.1.3.0
    Date Public
    2026-06-24 00:39
    Credits
    Philippe Laulheret of Cisco Talos; Kelly Patterson of Cisco Talos; Robert Sherwin of Cisco Talos

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57273",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T12:37:14.753874Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T12:37:31.537Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "GeoWebPlayer",
              "platforms": [
                "Windows",
                "64 bit"
              ],
              "product": "GeoWebPlayer",
              "vendor": "GeoVision Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.1.1.0"
                },
                {
                  "status": "unaffected",
                  "version": "V1.1.3.0"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:windows:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:windows:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Philippe Laulheret of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Kelly Patterson of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Robert Sherwin of Cisco Talos"
            }
          ],
          "datePublic": "2026-06-24T00:39:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eGeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\u003cbr\u003e\u003cbr\u003eThe Websocket server can accept various commands coming from localhost. One of them, `connectionInfo` is meant to provide the necessary details to connect to a camera. The handler associated with this command that we call`handle_connection_info` contains multiple instances of string copy that can overflow. The function `handle_connect_info` copies attacker-controlled JSON strings into fixed-size buffers using manual byte-by-byte loops that do not enforce length limits.\u003cbr\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e#### Buffer Overflow in username field (no key present)\u003cbr\u003e\u003cbr\u003e\u003c/div\u003e"
                }
              ],
              "value": "GeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\n\nThe Websocket server can accept various commands coming from localhost. One of them, `connectionInfo` is meant to provide the necessary details to connect to a camera. The handler associated with this command that we call`handle_connection_info` contains multiple instances of string copy that can overflow. The function `handle_connect_info` copies attacker-controlled JSON strings into fixed-size buffers using manual byte-by-byte loops that do not enforce length limits.\n\n\n\n\n\n#### Buffer Overflow in username field (no key present)"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 - Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T02:23:43.611Z",
            "orgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
            "shortName": "GV"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.geovision.com.tw/cyber_security.php"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2375"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0\u0026nbsp;"
                }
              ],
              "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "GeoVision GeoWebPlayer Websocket Server connectInfo handler stack-based buffer overflow vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
        "assignerShortName": "GV",
        "cveId": "CVE-2026-57273",
        "datePublished": "2026-07-02T02:23:43.611Z",
        "dateReserved": "2026-06-24T05:48:03.740Z",
        "dateUpdated": "2026-07-02T12:37:31.537Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57272 (GCVE-0-2026-57272)

    Vulnerability from nvd – Published: 2026-07-02 02:22 – Updated: 2026-07-02 12:38
    Title
    GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability
    Summary
    GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly. The Websocket server can accept various commands coming from localhost. Many of the commands take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However, the `index` value is usually not checked for a valid range, and as such it can be used to access multiple arrays out of bounds.
    #### byPass command index-out-of-bound
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-129 - Improper validation of array index
    Assigner
    GV
    References
    Impacted products
    Vendor Product Version
    GeoVision Inc. GeoWebPlayer Affected: V1.1.1.0
    Unaffected: V1.1.3.0
    Date Public
    2026-06-24 00:39
    Credits
    Philippe Laulheret of Cisco Talos; Kelly Patterson of Cisco Talos; Robert Sherwin of Cisco Talos

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57272",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T12:38:30.227626Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T12:38:48.618Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "GeoWebPlayer",
              "platforms": [
                "Windows",
                "64 bit"
              ],
              "product": "GeoWebPlayer",
              "vendor": "GeoVision Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.1.1.0"
                },
                {
                  "status": "unaffected",
                  "version": "V1.1.3.0"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:windows:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:windows:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Philippe Laulheret of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Kelly Patterson of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Robert Sherwin of Cisco Talos"
            }
          ],
          "datePublic": "2026-06-24T00:39:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "GeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\u003cbr\u003e\u003cbr\u003eThe Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound.\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cbr\u003e#### byPass command index-out-of-bound\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "GeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\n\nThe Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound.\n\n\n\n#### byPass command index-out-of-bound"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-540",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-540 Overread Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-129",
                  "description": "CWE-129 Improper validation of array index",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T02:22:36.287Z",
            "orgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
            "shortName": "GV"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.geovision.com.tw/cyber_security.php"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2373"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0\u0026nbsp;"
                }
              ],
              "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
        "assignerShortName": "GV",
        "cveId": "CVE-2026-57272",
        "datePublished": "2026-07-02T02:22:36.287Z",
        "dateReserved": "2026-06-24T05:48:03.740Z",
        "dateUpdated": "2026-07-02T12:38:48.618Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57271 (GCVE-0-2026-57271)

    Vulnerability from nvd – Published: 2026-07-02 02:21 – Updated: 2026-07-02 12:39
    VLAI
    Title
    GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability
    Summary
    GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.
    #### pause command index-out-of-bound
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-129 - Improper validation of array index
    Assigner
    GV
    References
    Impacted products
    Vendor Product Version
    GeoVision Inc. GeoWebPlayer Affected: V1.1.1.0
    Unaffected: V1.1.3.0
    Date Public
    2026-06-24 00:39
    Credits
    Philippe Laulheret of Cisco Talos; Kelly Patterson of Cisco Talos; Robert Sherwin of Cisco Talos

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57271",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T12:39:31.652902Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T12:39:38.730Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "GeoWebPlayer",
              "platforms": [
                "Windows",
                "64 bit"
              ],
              "product": "GeoWebPlayer",
              "vendor": "GeoVision Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.1.1.0"
                },
                {
                  "status": "unaffected",
                  "version": "V1.1.3.0"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:windows:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:windows:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Philippe Laulheret of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Kelly Patterson of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Robert Sherwin of Cisco Talos"
            }
          ],
          "datePublic": "2026-06-24T00:39:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "GeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\u003cbr\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cbr\u003e#### pause command index-out-of-bound\u003cbr\u003e\u003cbr\u003e\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "GeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\n\n#### pause command index-out-of-bound"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-540",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-540 Overread Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-129",
                  "description": "CWE-129 Improper validation of array index",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T02:21:46.247Z",
            "orgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
            "shortName": "GV"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.geovision.com.tw/cyber_security.php"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2373"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0\u0026nbsp;"
                }
              ],
              "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
        "assignerShortName": "GV",
        "cveId": "CVE-2026-57271",
        "datePublished": "2026-07-02T02:21:46.247Z",
        "dateReserved": "2026-06-24T05:48:03.740Z",
        "dateUpdated": "2026-07-02T12:39:38.730Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57270 (GCVE-0-2026-57270)

    Vulnerability from nvd – Published: 2026-07-02 02:21 – Updated: 2026-07-02 12:40
    VLAI
    Title
    GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability
    Summary
    GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.
    The Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound.
    #### play command index-out-of-bound
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-129 - Improper validation of array index
    Assigner
    GV
    References
    Impacted products
    Vendor Product Version
    GeoVision Inc. GeoWebPlayer Affected: V1.1.1.0
    Unaffected: V1.1.3.0
    Date Public
    2026-06-24 00:39
    Credits
    Philippe Laulheret of Cisco Talos; Kelly Patterson of Cisco Talos; Robert Sherwin of Cisco Talos

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57270",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T12:40:04.722639Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T12:40:13.858Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "GeoWebPlayer",
              "platforms": [
                "Windows",
                "64 bit"
              ],
              "product": "GeoWebPlayer",
              "vendor": "GeoVision Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.1.1.0"
                },
                {
                  "status": "unaffected",
                  "version": "V1.1.3.0"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:windows:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:windows:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Philippe Laulheret of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Kelly Patterson of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Robert Sherwin of Cisco Talos"
            }
          ],
          "datePublic": "2026-06-24T00:39:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "GeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\u003cbr\u003e\u003cbr\u003eThe Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound.\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cbr\u003e#### play command index-out-of-bound\u003cbr\u003e\u003cbr\u003e\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "GeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\n\nThe Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound.\n\n\n\n#### play command index-out-of-bound"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-540",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-540 Overread Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-129",
                  "description": "CWE-129 Improper validation of array index",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T02:21:11.097Z",
            "orgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
            "shortName": "GV"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.geovision.com.tw/cyber_security.php"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2373"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0\u0026nbsp;"
                }
              ],
              "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
        "assignerShortName": "GV",
        "cveId": "CVE-2026-57270",
        "datePublished": "2026-07-02T02:21:11.097Z",
        "dateReserved": "2026-06-24T05:48:03.740Z",
        "dateUpdated": "2026-07-02T12:40:13.858Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57269 (GCVE-0-2026-57269)

    Vulnerability from nvd – Published: 2026-07-02 02:20 – Updated: 2026-07-02 12:40
    VLAI
    Title
    GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability
    Summary
    GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.
    The Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound.
    #### disconnect command index-out-of-bound
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-129 - Improper validation of array index
    Assigner
    GV
    References
    Impacted products
    Vendor Product Version
    GeoVision Inc. GeoWebPlayer Affected: V1.1.1.0
    Unaffected: V1.1.3.0
    Date Public
    2026-06-24 00:39
    Credits
    Philippe Laulheret of Cisco Talos; Kelly Patterson of Cisco Talos; Robert Sherwin of Cisco Talos

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57269",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T12:40:34.594413Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T12:40:45.176Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "GeoWebPlayer",
              "platforms": [
                "Windows",
                "64 bit"
              ],
              "product": "GeoWebPlayer",
              "vendor": "GeoVision Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.1.1.0"
                },
                {
                  "status": "unaffected",
                  "version": "V1.1.3.0"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:windows:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:windows:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Philippe Laulheret of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Kelly Patterson of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Robert Sherwin of Cisco Talos"
            }
          ],
          "datePublic": "2026-06-24T00:39:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "GeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\u003cbr\u003e\u003cbr\u003eThe Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound.\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e#### disconnect command index-out-of-bound\u003cbr\u003e\u003cbr\u003e\u003c/div\u003e"
                }
              ],
              "value": "GeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\n\nThe Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound.\n\n\n\n#### disconnect command index-out-of-bound"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-540",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-540 Overread Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-129",
                  "description": "CWE-129 Improper validation of array index",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T02:20:43.396Z",
            "orgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
            "shortName": "GV"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.geovision.com.tw/cyber_security.php"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2373"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0\u0026nbsp;"
                }
              ],
              "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
        "assignerShortName": "GV",
        "cveId": "CVE-2026-57269",
        "datePublished": "2026-07-02T02:20:43.396Z",
        "dateReserved": "2026-06-24T05:48:03.740Z",
        "dateUpdated": "2026-07-02T12:40:45.176Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57268 (GCVE-0-2026-57268)

    Vulnerability from nvd – Published: 2026-07-02 02:20 – Updated: 2026-07-02 12:35
    VLAI
    Title
    GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability
    Summary
    GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.

    The Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound.

    ### saveVideo command index-out-of-bound

    When sending the `saveVideo` command, the `index` field is extracted from the websocket message [1]. Then without checking the range of the index, it is used to trigger a CriticalSection ([2]) and releases it [3]. The release function call ([3]) is executed using a function pointer which will be read out of bounds potentially leading to code execution:

        v6 = get_entry(a2, "index");
        result = json_is_value_int(v6);
        if ( (_BYTE)result )
        {
          v8 = get_entry(a2, "index");
          index = json_value_to_int(&v8->value);  // [1]
          result = CCriticalSection::EnterCritSection(&this->crit_sections[index]);  //[2]
          if ( result )
          {
            if ( this->array_of_IPCams[index] )
            {
              if ( this->array_of_IPCams[index]->field_20 )
                do_PostMessageA((CViewer *)this->array_of_IPCams[index], 0x111u, 0x139Fu, v11);
            }
            return (*(int (__thiscall **)(CCriticalSection *))(this->crit_sections[index].vtbl + 20))(&this->crit_sections[index]); //[3]
          }
        }
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-129 - Improper validation of array index
    Assigner
    GV
    References
    Impacted products
    Vendor Product Version
    GeoVision Inc. GeoWebPlayer Affected: V1.1.1.0
    Unaffected: V1.1.3.0
    Date Public
    2026-06-24 00:39
    Credits
    Philippe Laulheret of Cisco Talos, Kelly Patterson of Cisco Talos, Robert Sherwin of Cisco Talos

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57268",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T12:35:11.850544Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T12:35:19.946Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "GeoWebPlayer",
              "platforms": [
                "Windows",
                "64 bit"
              ],
              "product": "GeoWebPlayer",
              "vendor": "GeoVision Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.1.1.0"
                },
                {
                  "status": "unaffected",
                  "version": "V1.1.3.0"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:windows:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:windows:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Philippe Laulheret of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Kelly Patterson of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Robert Sherwin of Cisco Talos"
            }
          ],
          "datePublic": "2026-06-24T00:39:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "GeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\u003cbr\u003e\u003cbr\u003eThe Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound.\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e### saveVideo command index-out-of-bound\u003cbr\u003e\u003cbr\u003eWhen sending the `saveVideo` command, the `index` field is extracted from the websocket message [1]. Then without checking the range of the index, it is used to trigger a CriticalSection ([2]) and releases it [3]. The release function call ([3]) is executed using a function pointer which will be read out of bounds potentially leading to code execution:\n\u003cbr\u003e\n\u003cbr\u003e\n\u003cbr\u003e     v6 = get_entry(a2, \"index\");\n\u003cbr\u003e      result = json_is_value_int(v6);\n\u003cbr\u003e      if ( (_BYTE)result )\n\u003cbr\u003e      {\n\u003cbr\u003e        v8 = get_entry(a2, \"index\");\n\u003cbr\u003e        index = json_value_to_int(\u0026amp;v8-\u0026gt;value);  // [1]\n\u003cbr\u003e        result = CCriticalSection::EnterCritSection(\u0026amp;this-\u0026gt;crit_sections[index]);  //[2]\n\u003cbr\u003e        if ( result )\n\u003cbr\u003e        {\n\u003cbr\u003e          if ( this-\u0026gt;array_of_IPCams[index] )\n\u003cbr\u003e          {\n\u003cbr\u003e            if ( this-\u0026gt;array_of_IPCams[index]-\u0026gt;field_20 )\n\u003cbr\u003e              do_PostMessageA((CViewer *)this-\u0026gt;array_of_IPCams[index], 0x111u, 0x139Fu, v11);\n\u003cbr\u003e          }\n\u003cbr\u003e          return (*(int (__thiscall **)(CCriticalSection *))(this-\u0026gt;crit_sections[index].vtbl + 20))(\u0026amp;this-\u0026gt;crit_sections[index]); //[3]\n\u003cbr\u003e        }\n\u003cbr\u003e      }\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "GeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\n\nThe Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound.\n\n\n### saveVideo command index-out-of-bound\n\nWhen sending the `saveVideo` command, the `index` field is extracted from the websocket message [1]. Then without checking the range of the index, it is used to trigger a CriticalSection ([2]) and releases it [3]. The release function call ([3]) is executed using a function pointer which will be read out of bounds potentially leading to code execution:\n\n\n\n\n\n     v6 = get_entry(a2, \"index\");\n\n      result = json_is_value_int(v6);\n\n      if ( (_BYTE)result )\n\n      {\n\n        v8 = get_entry(a2, \"index\");\n\n        index = json_value_to_int(\u0026v8-\u003evalue);  // [1]\n\n        result = CCriticalSection::EnterCritSection(\u0026this-\u003ecrit_sections[index]);  //[2]\n\n        if ( result )\n\n        {\n\n          if ( this-\u003earray_of_IPCams[index] )\n\n          {\n\n            if ( this-\u003earray_of_IPCams[index]-\u003efield_20 )\n\n              do_PostMessageA((CViewer *)this-\u003earray_of_IPCams[index], 0x111u, 0x139Fu, v11);\n\n          }\n\n          return (*(int (__thiscall **)(CCriticalSection *))(this-\u003ecrit_sections[index].vtbl + 20))(\u0026this-\u003ecrit_sections[index]); //[3]\n\n        }\n\n      }"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-540",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-540 Overread Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-129",
                  "description": "CWE-129 Improper validation of array index",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T02:20:11.291Z",
            "orgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
            "shortName": "GV"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.geovision.com.tw/cyber_security.php"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2373"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0\u0026nbsp;"
                }
              ],
              "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
        "assignerShortName": "GV",
        "cveId": "CVE-2026-57268",
        "datePublished": "2026-07-02T02:20:11.291Z",
        "dateReserved": "2026-06-24T05:48:03.740Z",
        "dateUpdated": "2026-07-02T12:35:19.946Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57267 (GCVE-0-2026-57267)

    Vulnerability from nvd – Published: 2026-07-02 02:19 – Updated: 2026-07-02 12:35
    VLAI
    Title
    GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability
    Summary
    GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.

    The Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound.

    #### snapshot command index-out-of-bound
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-129 - Improper validation of array index
    Assigner
    GV
    References
    Impacted products
    Vendor Product Version
    GeoVision Inc. GeoWebPlayer Affected: V1.1.1.0
    Unaffected: V1.1.3.0
    Date Public
    2026-06-24 00:39
    Credits
    Philippe Laulheret of Cisco Talos, Kelly Patterson of Cisco Talos, Robert Sherwin of Cisco Talos

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57267",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T12:35:32.464023Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T12:35:41.331Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "GeoWebPlayer",
              "platforms": [
                "Windows",
                "64 bit"
              ],
              "product": "GeoWebPlayer",
              "vendor": "GeoVision Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.1.1.0"
                },
                {
                  "status": "unaffected",
                  "version": "V1.1.3.0"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:windows:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:windows:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Philippe Laulheret of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Kelly Patterson of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Robert Sherwin of Cisco Talos"
            }
          ],
          "datePublic": "2026-06-24T00:39:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "GeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\u003cbr\u003e\u003cbr\u003eThe Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound.\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cbr\u003e#### snapshot command index-out-of-bound\u003cbr\u003e\u003cbr\u003e\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "GeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\n\nThe Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound.\n\n\n\n#### snapshot command index-out-of-bound"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-540",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-540 Overread Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-129",
                  "description": "CWE-129 Improper validation of array index",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T02:19:40.534Z",
            "orgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
            "shortName": "GV"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.geovision.com.tw/cyber_security.php"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2373"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0\u0026nbsp;"
                }
              ],
              "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
        "assignerShortName": "GV",
        "cveId": "CVE-2026-57267",
        "datePublished": "2026-07-02T02:19:40.534Z",
        "dateReserved": "2026-06-24T05:48:03.740Z",
        "dateUpdated": "2026-07-02T12:35:41.331Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57266 (GCVE-0-2026-57266)

    Vulnerability from nvd – Published: 2026-07-02 02:19 – Updated: 2026-07-02 12:36
    VLAI
    Title
    GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability
    Summary
    GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.

    The Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound.

    #### 2wayAudio command index-out-of-bound
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-129 - Improper validation of array index
    Assigner
    GV
    References
    Impacted products
    Vendor Product Version
    GeoVision Inc. GeoWebPlayer Affected: V1.1.1.0
    Unaffected: V1.1.3.0
    Date Public
    2026-06-24 00:39
    Credits
    Philippe Laulheret of Cisco Talos, Kelly Patterson of Cisco Talos, Robert Sherwin of Cisco Talos

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57266",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T12:35:55.716734Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T12:36:07.280Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "GeoWebPlayer",
              "platforms": [
                "Windows",
                "64 bit"
              ],
              "product": "GeoWebPlayer",
              "vendor": "GeoVision Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.1.1.0"
                },
                {
                  "status": "unaffected",
                  "version": "V1.1.3.0"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:windows:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:windows:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Philippe Laulheret of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Kelly Patterson of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Robert Sherwin of Cisco Talos"
            }
          ],
          "datePublic": "2026-06-24T00:39:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "GeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\u003cbr\u003e\u003cbr\u003eThe Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound.\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e#### 2wayAudio command index-out-of-bound\u003cbr\u003e\u003cbr\u003e\u003c/div\u003e"
                }
              ],
              "value": "GeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\n\nThe Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound.\n\n\n\n#### 2wayAudio command index-out-of-bound"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-540",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-540 Overread Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-129",
                  "description": "CWE-129 Improper validation of array index",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T02:19:10.412Z",
            "orgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
            "shortName": "GV"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.geovision.com.tw/cyber_security.php"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2373"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0\u0026nbsp;"
                }
              ],
              "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
        "assignerShortName": "GV",
        "cveId": "CVE-2026-57266",
        "datePublished": "2026-07-02T02:19:10.412Z",
        "dateReserved": "2026-06-24T05:48:03.740Z",
        "dateUpdated": "2026-07-02T12:36:07.280Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57265 (GCVE-0-2026-57265)

    Vulnerability from nvd – Published: 2026-07-02 02:18 – Updated: 2026-07-02 12:29
    VLAI
    Title
    GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability
    Summary
    GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.

    The Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound.

    #### audio command index-out-of-bound
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-129 - Improper validation of array index
    Assigner
    GV
    References
    Impacted products
    Vendor Product Version
    GeoVision Inc. GeoWebPlayer Affected: V1.1.1.0
    Unaffected: V1.1.3.0
    Date Public
    2026-06-24 00:39
    Credits
    Philippe Laulheret of Cisco Talos; Kelly Patterson of Cisco Talos; Robert Sherwin of Cisco Talos

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57265",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T12:28:33.936675Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T12:29:34.294Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "GeoWebPlayer",
              "platforms": [
                "Windows",
                "64 bit"
              ],
              "product": "GeoWebPlayer",
              "vendor": "GeoVision Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.1.1.0"
                },
                {
                  "status": "unaffected",
                  "version": "V1.1.3.0"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:windows:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:windows:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Philippe Laulheret of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Kelly Patterson of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Robert Sherwin of Cisco Talos"
            }
          ],
          "datePublic": "2026-06-24T00:39:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "GeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\u003cbr\u003e\u003cbr\u003eThe Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound.\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e#### audio command index-out-of-bound\u003cbr\u003e\u003cbr\u003e\u003c/div\u003e"
                }
              ],
              "value": "GeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\n\nThe Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound.\n\n\n#### audio command index-out-of-bound"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-540",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-540 Overread Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-129",
                  "description": "CWE-129 Improper validation of array index",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T02:18:47.724Z",
            "orgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
            "shortName": "GV"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.geovision.com.tw/cyber_security.php"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2373"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0\u0026nbsp;"
                }
              ],
              "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
        "assignerShortName": "GV",
        "cveId": "CVE-2026-57265",
        "datePublished": "2026-07-02T02:18:47.724Z",
        "dateReserved": "2026-06-24T05:48:03.740Z",
        "dateUpdated": "2026-07-02T12:29:34.294Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57264 (GCVE-0-2026-57264)

    Vulnerability from nvd – Published: 2026-07-02 02:18 – Updated: 2026-07-02 12:32
    VLAI
    Title
    GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability
    Summary
    GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.

    The Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound.

    #### setPIP command index-out-of-bound
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-129 - Improper validation of array index
    Assigner
    GV
    References
    Impacted products
    Vendor Product Version
    GeoVision Inc. GeoWebPlayer Affected: V1.1.1.0
    Unaffected: V1.1.3.0
    Date Public
    2026-06-24 00:39
    Credits
    Philippe Laulheret of Cisco Talos; Kelly Patterson of Cisco Talos; Robert Sherwin of Cisco Talos

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57264",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T12:32:16.972441Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T12:32:25.505Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "GeoWebPlayer",
              "platforms": [
                "Windows",
                "64 bit"
              ],
              "product": "GeoWebPlayer",
              "vendor": "GeoVision Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.1.1.0"
                },
                {
                  "status": "unaffected",
                  "version": "V1.1.3.0"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:windows:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:windows:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Philippe Laulheret of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Kelly Patterson of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Robert Sherwin of Cisco Talos"
            }
          ],
          "datePublic": "2026-06-24T00:39:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "GeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\u003cbr\u003e\u003cbr\u003eThe Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound.\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cbr\u003e#### setPIP command index-out-of-bound\u003cbr\u003e\u003cbr\u003e\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "GeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\n\nThe Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound.\n\n\n\n#### setPIP command index-out-of-bound"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-540",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-540 Overread Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-129",
                  "description": "CWE-129 Improper validation of array index",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T02:18:12.568Z",
            "orgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
            "shortName": "GV"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.geovision.com.tw/cyber_security.php"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2373"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0\u0026nbsp;"
                }
              ],
              "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
        "assignerShortName": "GV",
        "cveId": "CVE-2026-57264",
        "datePublished": "2026-07-02T02:18:12.568Z",
        "dateReserved": "2026-06-24T05:48:03.740Z",
        "dateUpdated": "2026-07-02T12:32:25.505Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-13132 (GCVE-0-2026-13132)

    Vulnerability from nvd – Published: 2026-07-02 02:17 – Updated: 2026-07-02 12:31
    VLAI
    Title
    GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability
    Summary
    GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.

    The Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound.

    #### setStream command index-out-of-bound
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-129 - Improper validation of array index
    Assigner
    GV
    References
    Impacted products
    Vendor Product Version
    GeoVision Inc. GeoWebPlayer Affected: V1.1.1.0
    Unaffected: V1.1.3.0
    Date Public
    2026-06-24 00:39
    Credits
    Philippe Laulheret of Cisco Talos; Kelly Patterson of Cisco Talos; Robert Sherwin of Cisco Talos

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-13132",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T12:30:41.877700Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T12:31:38.542Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "GeoWebPlayer",
              "platforms": [
                "Windows",
                "64 bit"
              ],
              "product": "GeoWebPlayer",
              "vendor": "GeoVision Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.1.1.0"
                },
                {
                  "status": "unaffected",
                  "version": "V1.1.3.0"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:windows:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:windows:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Philippe Laulheret of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Kelly Patterson of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Robert Sherwin of Cisco Talos"
            }
          ],
          "datePublic": "2026-06-24T00:39:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "GeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\u003cbr\u003e\u003cbr\u003eThe Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound.\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cbr\u003e#### setStream command index-out-of-bound\u003cbr\u003e\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "GeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\n\nThe Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound.\n\n\n\n#### setStream command index-out-of-bound"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-540",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-540 Overread Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-129",
                  "description": "CWE-129 Improper validation of array index",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T02:17:15.274Z",
            "orgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
            "shortName": "GV"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.geovision.com.tw/cyber_security.php"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2373"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0\u0026nbsp;"
                }
              ],
              "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
        "assignerShortName": "GV",
        "cveId": "CVE-2026-13132",
        "datePublished": "2026-07-02T02:17:15.274Z",
        "dateReserved": "2026-06-24T05:48:09.196Z",
        "dateUpdated": "2026-07-02T12:31:38.542Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-13131 (GCVE-0-2026-13131)

    Vulnerability from nvd – Published: 2026-07-02 02:14 – Updated: 2026-07-02 12:30
    VLAI
    Title
    GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability
    Summary
    GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly. The Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound. #### connectInfo command index-out-of-bound
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-129 - Improper validation of array index
    Assigner
    GV
    References
    Impacted products
    Vendor Product Version
    GeoVision Inc. GeoWebPlayer Affected: V1.1.1.0
    Unaffected: V1.1.3.0
    Date Public
    2026-06-24 00:39
    Credits
    Philippe Laulheret of Cisco Talos Kelly Patterson of Cisco Talos Robert Sherwin of Cisco Talos

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-13131",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T12:30:20.671962Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T12:30:29.606Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "GeoWebPlayer",
              "platforms": [
                "Windows",
                "64 bit"
              ],
              "product": "GeoWebPlayer",
              "vendor": "GeoVision Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.1.1.0"
                },
                {
                  "status": "unaffected",
                  "version": "V1.1.3.0"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:windows:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:windows:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Philippe Laulheret of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Kelly Patterson of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Robert Sherwin of Cisco Talos"
            }
          ],
          "datePublic": "2026-06-24T00:39:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "GeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\u003cbr\u003e\u003cbr\u003eThe Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound.\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e#### connectInfo command index-out-of-bound\u003cbr\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "GeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\n\nThe Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound.\n\n\n#### connectInfo command index-out-of-bound"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-540",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-540 Overread Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-129",
                  "description": "CWE-129 Improper validation of array index",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T02:16:23.624Z",
            "orgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
            "shortName": "GV"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.geovision.com.tw/cyber_security.php"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2373"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0\u0026nbsp;"
                }
              ],
              "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
        "assignerShortName": "GV",
        "cveId": "CVE-2026-13131",
        "datePublished": "2026-07-02T02:14:52.655Z",
        "dateReserved": "2026-06-24T05:48:08.013Z",
        "dateUpdated": "2026-07-02T12:30:29.606Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-13125 (GCVE-0-2026-13125)

    Vulnerability from nvd – Published: 2026-07-02 02:14 – Updated: 2026-07-02 12:30
    VLAI
    Title
    GeoVision GeoWebPlayer 1.1.1.0 Websocket Server function vulnerability
    Summary
    GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly. In order to access the websocket server, no authentication is required. As such, any malicious website can attempt to open a connection to the server and potentially access sensitive APIs. In particular, it's possible to call a combination of the `create` method and `getScreenCapture` to retrieve the content of the user's screen.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing authentication for critical function
    Assigner
    GV
    Impacted products
    Vendor Product Version
    GeoVision Inc. GeoWebPlayer Affected: V1.1.1.0
    Unaffected: V1.1.3.0
    Date Public
    2026-06-24 00:39
    Credits
    Philippe Laulheret of Cisco Talos Kelly Patterson of Cisco Talos Robert Sherwin of Cisco Talos

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-07-02T03:08:30.310Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2370"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-13125",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T12:29:53.123319Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T12:30:01.650Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "GeoWebPlayer",
              "platforms": [
                "Windows",
                "64 bit"
              ],
              "product": "GeoWebPlayer",
              "vendor": "GeoVision Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.1.1.0"
                },
                {
                  "status": "unaffected",
                  "version": "V1.1.3.0"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:windows:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:windows:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Philippe Laulheret of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Kelly Patterson of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Robert Sherwin of Cisco Talos"
            }
          ],
          "datePublic": "2026-06-24T00:39:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "GeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\u003cbr\u003e\u003cbr\u003eIn order to access the websocket server, no authentication is required. As such, any malicious website can attempt to open a connection to the server and potentially access sensitive APIs. In particular, it\u0027s possible to call a combination of the `create` method and  `getScreenCapture`  to retrieve the content of the user\u0027s screen."
                }
              ],
              "value": "GeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\n\nIn order to access the websocket server, no authentication is required. As such, any malicious website can attempt to open a connection to the server and potentially access sensitive APIs. In particular, it\u0027s possible to call a combination of the `create` method and  `getScreenCapture`  to retrieve the content of the user\u0027s screen."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing authentication for critical function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T02:14:22.167Z",
            "orgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
            "shortName": "GV"
          },
          "references": [
            {
              "url": "https://www.geovision.com.tw/cyber_security.php"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0\u0026nbsp;"
                }
              ],
              "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "GeoVision GeoWebPlayer 1.1.1.0 Websocket Server function vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
        "assignerShortName": "GV",
        "cveId": "CVE-2026-13125",
        "datePublished": "2026-07-02T02:14:22.167Z",
        "dateReserved": "2026-06-24T00:32:34.362Z",
        "dateUpdated": "2026-07-02T12:30:01.650Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57278 (GCVE-0-2026-57278)

    Vulnerability from cvelistv5 – Published: 2026-07-02 02:26 – Updated: 2026-07-02 12:33
    VLAI
    Title
    GeoVision GeoWebPlayer Websocket Server connectInfo handler stack-based buffer overflow vulnerability
    Summary
    GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly. The Websocket server can accept various commands coming from localhost. One of them, `connectionInfo`, is meant to provide the necessary details to connect to a camera. The handler associated with this command, that we call `handle_connection_info`, contains multiple instances of string copy that can overflow. The function `handle_connect_info` copies attacker-controlled JSON strings into fixed-size buffers using manual byte-by-byte loops that do not enforce length limits. #### Buffer Overflow in ip field
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    GV
    References
    Impacted products
    Vendor Product Version
    GeoVision Inc. GeoWebPlayer Affected: V1.1.1.0
    Unaffected: V1.1.3.0
    Date Public
    2026-06-24 00:39
    Credits
    Philippe Laulheret of Cisco Talos Kelly Patterson of Cisco Talos Robert Sherwin of Cisco Talos

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57278",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T12:33:29.291886Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T12:33:49.256Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "GeoWebPlayer",
              "platforms": [
                "Windows",
                "64 bit"
              ],
              "product": "GeoWebPlayer",
              "vendor": "GeoVision Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.1.1.0"
                },
                {
                  "status": "unaffected",
                  "version": "V1.1.3.0"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:windows:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:windows:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Philippe Laulheret of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Kelly Patterson of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Robert Sherwin of Cisco Talos"
            }
          ],
          "datePublic": "2026-06-24T00:39:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eGeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\u003cbr\u003e\u003cbr\u003eThe Websocket server can accept various commands coming from localhost. One of them, `connectionInfo` is meant to provide the necessary details to connect to a camera. The handler associated with this command that we call`handle_connection_info` contains multiple instances of string copy that can overflow. The function `handle_connect_info` copies attacker-controlled JSON strings into fixed-size buffers using manual byte-by-byte loops that do not enforce length limits.\u003cbr\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e#### Buffer Overflow in ip field\u003cbr\u003e\u003cbr\u003e\u003c/div\u003e"
                }
              ],
              "value": "GeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\n\nThe Websocket server can accept various commands coming from localhost. One of them, `connectionInfo` is meant to provide the necessary details to connect to a camera. The handler associated with this command that we call`handle_connection_info` contains multiple instances of string copy that can overflow. The function `handle_connect_info` copies attacker-controlled JSON strings into fixed-size buffers using manual byte-by-byte loops that do not enforce length limits.\n\n\n\n\n#### Buffer Overflow in ip field"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 - Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T02:26:09.613Z",
            "orgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
            "shortName": "GV"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.geovision.com.tw/cyber_security.php"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2375"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0\u0026nbsp;"
                }
              ],
              "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "GeoVision GeoWebPlayer Websocket Server connectInfo handler stack-based buffer overflow vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
        "assignerShortName": "GV",
        "cveId": "CVE-2026-57278",
        "datePublished": "2026-07-02T02:26:09.613Z",
        "dateReserved": "2026-06-24T05:48:05.704Z",
        "dateUpdated": "2026-07-02T12:33:49.256Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57277 (GCVE-0-2026-57277)

    Vulnerability from cvelistv5 – Published: 2026-07-02 02:25 – Updated: 2026-07-02 12:34
    Title
    GeoVision GeoWebPlayer Websocket Server connectInfo handler stack-based buffer overflow vulnerability
    Summary
    GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly. The Websocket server can accept various commands coming from localhost. One of them, `connectionInfo`, is meant to provide the necessary details to connect to a camera. The handler associated with this command, which we call `handle_connection_info`, contains multiple instances of string copy that can overflow. The function `handle_connect_info` copies attacker-controlled JSON strings into fixed-size buffers using manual byte-by-byte loops that do not enforce length limits.
    Buffer Overflow in key field
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    GV
    References
    Impacted products
    Vendor Product Version
    GeoVision Inc. GeoWebPlayer Affected: V1.1.1.0
    Unaffected: V1.1.3.0
    Date Public
    2026-06-24 00:39
    Credits
    Philippe Laulheret of Cisco Talos; Kelly Patterson of Cisco Talos; Robert Sherwin of Cisco Talos

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57277",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T12:34:21.242964Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T12:34:29.480Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "GeoWebPlayer",
              "platforms": [
                "Windows",
                "64 bit"
              ],
              "product": "GeoWebPlayer",
              "vendor": "GeoVision Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.1.1.0"
                },
                {
                  "status": "unaffected",
                  "version": "V1.1.3.0"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:windows:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:windows:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Philippe Laulheret of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Kelly Patterson of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Robert Sherwin of Cisco Talos"
            }
          ],
          "datePublic": "2026-06-24T00:39:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eGeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\u003cbr\u003e\u003cbr\u003eThe Websocket server can accept various commands coming from localhost. One of them, `connectionInfo` is meant to provide the necessary details to connect to a camera. The handler associated with this command that we call`handle_connection_info` contains multiple instances of string copy that can overflow. The function `handle_connect_info` copies attacker-controlled JSON strings into fixed-size buffers using manual byte-by-byte loops that do not enforce length limits.\u003cbr\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e#### Buffer Overflow in key field\u003cbr\u003e\u003cbr\u003e\u003c/div\u003e"
                }
              ],
              "value": "GeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\n\nThe Websocket server can accept various commands coming from localhost. One of them, `connectionInfo` is meant to provide the necessary details to connect to a camera. The handler associated with this command that we call`handle_connection_info` contains multiple instances of string copy that can overflow. The function `handle_connect_info` copies attacker-controlled JSON strings into fixed-size buffers using manual byte-by-byte loops that do not enforce length limits.\n\n\n\n\n#### Buffer Overflow in key field"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 - Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T02:25:34.916Z",
            "orgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
            "shortName": "GV"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.geovision.com.tw/cyber_security.php"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2375"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0\u0026nbsp;"
                }
              ],
              "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "GeoVision GeoWebPlayer Websocket Server connectInfo handler stack-based buffer overflow vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
        "assignerShortName": "GV",
        "cveId": "CVE-2026-57277",
        "datePublished": "2026-07-02T02:25:34.916Z",
        "dateReserved": "2026-06-24T05:48:05.704Z",
        "dateUpdated": "2026-07-02T12:34:29.480Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57276 (GCVE-0-2026-57276)

    Vulnerability from cvelistv5 – Published: 2026-07-02 02:25 – Updated: 2026-07-02 12:32
    Title
    GeoVision GeoWebPlayer Websocket Server connectInfo handler stack-based buffer overflow vulnerability
    Summary
    GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly. The Websocket server can accept various commands coming from localhost. One of them, `connectionInfo`, is meant to provide the necessary details to connect to a camera. The handler associated with this command, which we call `handle_connection_info`, contains multiple instances of string copy that can overflow. The function `handle_connect_info` copies attacker-controlled JSON strings into fixed-size buffers using manual byte-by-byte loops that do not enforce length limits.
    Buffer Overflow in password field (key present)
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    GV
    References
    Impacted products
    Vendor Product Version
    GeoVision Inc. GeoWebPlayer Affected: V1.1.1.0
    Unaffected: V1.1.3.0
    Date Public
    2026-06-24 00:39
    Credits
    Philippe Laulheret of Cisco Talos; Kelly Patterson of Cisco Talos; Robert Sherwin of Cisco Talos

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57276",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T12:32:44.040075Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T12:32:50.311Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "GeoWebPlayer",
              "platforms": [
                "Windows",
                "64 bit"
              ],
              "product": "GeoWebPlayer",
              "vendor": "GeoVision Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.1.1.0"
                },
                {
                  "status": "unaffected",
                  "version": "V1.1.3.0"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:windows:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:windows:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Philippe Laulheret of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Kelly Patterson of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Robert Sherwin of Cisco Talos"
            }
          ],
          "datePublic": "2026-06-24T00:39:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003eGeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\u003cbr\u003e\u003cbr\u003eThe Websocket server can accept various commands coming from localhost. One of them, `connectionInfo` is meant to provide the necessary details to connect to a camera. The handler associated with this command that we call`handle_connection_info` contains multiple instances of string copy that can overflow. The function `handle_connect_info` copies attacker-controlled JSON strings into fixed-size buffers using manual byte-by-byte loops that do not enforce length limits. \n\u003cbr\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e#### Buffer Overflow in password field (key present)\u003cbr\u003e\u003cbr\u003e\u003c/div\u003e"
                }
              ],
              "value": "GeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\n\nThe Websocket server can accept various commands coming from localhost. One of them, `connectionInfo` is meant to provide the necessary details to connect to a camera. The handler associated with this command that we call`handle_connection_info` contains multiple instances of string copy that can overflow. The function `handle_connect_info` copies attacker-controlled JSON strings into fixed-size buffers using manual byte-by-byte loops that do not enforce length limits. \n\n\n\n\n#### Buffer Overflow in password field (key present)"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 - Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T02:25:09.701Z",
            "orgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
            "shortName": "GV"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.geovision.com.tw/cyber_security.php"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2375"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0\u0026nbsp;"
                }
              ],
              "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "GeoVision GeoWebPlayer Websocket Server connectInfo handler stack-based buffer overflow vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
        "assignerShortName": "GV",
        "cveId": "CVE-2026-57276",
        "datePublished": "2026-07-02T02:25:09.701Z",
        "dateReserved": "2026-06-24T05:48:05.704Z",
        "dateUpdated": "2026-07-02T12:32:50.311Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57275 (GCVE-0-2026-57275)

    Vulnerability from cvelistv5 – Published: 2026-07-02 02:24 – Updated: 2026-07-02 12:34
    Title
    GeoVision GeoWebPlayer Websocket Server connectInfo handler stack-based buffer overflow vulnerability
    Summary
    GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly. The Websocket server can accept various commands coming from localhost. One of them, `connectionInfo`, is meant to provide the necessary details to connect to a camera. The handler associated with this command, which we call `handle_connection_info`, contains multiple instances of string copy that can overflow. The function `handle_connect_info` copies attacker-controlled JSON strings into fixed-size buffers using manual byte-by-byte loops that do not enforce length limits.
    Buffer Overflow in username field (key present)
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    GV
    References
    Impacted products
    Vendor Product Version
    GeoVision Inc. GeoWebPlayer Affected: V1.1.1.0
    Unaffected: V1.1.3.0
    Date Public
    2026-06-24 00:39
    Credits
    Philippe Laulheret of Cisco Talos; Kelly Patterson of Cisco Talos; Robert Sherwin of Cisco Talos

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57275",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T12:34:50.765098Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T12:34:58.181Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "GeoWebPlayer",
              "platforms": [
                "Windows",
                "64 bit"
              ],
              "product": "GeoWebPlayer",
              "vendor": "GeoVision Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.1.1.0"
                },
                {
                  "status": "unaffected",
                  "version": "V1.1.3.0"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:windows:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:windows:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Philippe Laulheret of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Kelly Patterson of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Robert Sherwin of Cisco Talos"
            }
          ],
          "datePublic": "2026-06-24T00:39:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eGeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\u003cbr\u003e\u003cbr\u003eThe Websocket server can accept various commands coming from localhost. One of them, `connectionInfo` is meant to provide the necessary details to connect to a camera. The handler associated with this command that we call`handle_connection_info` contains multiple instances of string copy that can overflow. The function `handle_connect_info` copies attacker-controlled JSON strings into fixed-size buffers using manual byte-by-byte loops that do not enforce length limits.\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e#### Buffer Overflow in username field (key present)\u003cbr\u003e\u003cbr\u003e\u003c/div\u003e"
                }
              ],
              "value": "GeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\n\nThe Websocket server can accept various commands coming from localhost. One of them, `connectionInfo` is meant to provide the necessary details to connect to a camera. The handler associated with this command that we call`handle_connection_info` contains multiple instances of string copy that can overflow. The function `handle_connect_info` copies attacker-controlled JSON strings into fixed-size buffers using manual byte-by-byte loops that do not enforce length limits.\n\n\n\n\n#### Buffer Overflow in username field (key present)"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 - Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T02:24:39.554Z",
            "orgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
            "shortName": "GV"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.geovision.com.tw/cyber_security.php"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2375"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0\u0026nbsp;"
                }
              ],
              "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "GeoVision GeoWebPlayer Websocket Server connectInfo handler stack-based buffer overflow vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
        "assignerShortName": "GV",
        "cveId": "CVE-2026-57275",
        "datePublished": "2026-07-02T02:24:39.554Z",
        "dateReserved": "2026-06-24T05:48:05.704Z",
        "dateUpdated": "2026-07-02T12:34:58.181Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57274 (GCVE-0-2026-57274)

    Vulnerability from cvelistv5 – Published: 2026-07-02 02:24 – Updated: 2026-07-02 12:36
    Title
    GeoVision GeoWebPlayer Websocket Server connectInfo handler stack-based buffer overflow vulnerability
    Summary
    GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly. The Websocket server can accept various commands coming from localhost. One of them, `connectionInfo`, is meant to provide the necessary details to connect to a camera. The handler associated with this command that we call `handle_connection_info` contains multiple instances of string copy that can overflow. The function `handle_connect_info` copies attacker-controlled JSON strings into fixed-size buffers using manual byte-by-byte loops that do not enforce length limits.
    #### Buffer Overflow in password field (no key present)
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    GV
    References
    Impacted products
    Vendor Product Version
    GeoVision Inc. GeoWebPlayer Affected: V1.1.1.0
    Unaffected: V1.1.3.0
    Date Public
    2026-06-24 00:39
    Credits
    Philippe Laulheret of Cisco Talos Kelly Patterson of Cisco Talos Robert Sherwin of Cisco Talos

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57274",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T12:36:00.897533Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T12:36:12.891Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "GeoWebPlayer",
              "platforms": [
                "Windows",
                "64 bit"
              ],
              "product": "GeoWebPlayer",
              "vendor": "GeoVision Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.1.1.0"
                },
                {
                  "status": "unaffected",
                  "version": "V1.1.3.0"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:windows:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:windows:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Philippe Laulheret of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Kelly Patterson of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Robert Sherwin of Cisco Talos"
            }
          ],
          "datePublic": "2026-06-24T00:39:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eGeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\u003cbr\u003e\u003cbr\u003eThe Websocket server can accept various commands coming from localhost. One of them, `connectionInfo` is meant to provide the necessary details to connect to a camera. The handler associated with this command that we call`handle_connection_info` contains multiple instances of string copy that can overflow. The function `handle_connect_info` copies attacker-controlled JSON strings into fixed-size buffers using manual byte-by-byte loops that do not enforce length limits.\u003cbr\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e#### Buffer Overflow in password field (no key present)\u003cbr\u003e\u003cbr\u003e\u003c/div\u003e"
                }
              ],
              "value": "GeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\n\nThe Websocket server can accept various commands coming from localhost. One of them, `connectionInfo` is meant to provide the necessary details to connect to a camera. The handler associated with this command that we call`handle_connection_info` contains multiple instances of string copy that can overflow. The function `handle_connect_info` copies attacker-controlled JSON strings into fixed-size buffers using manual byte-by-byte loops that do not enforce length limits.\n\n\n\n\n\n#### Buffer Overflow in password field (no key present)"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 - Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T02:24:11.611Z",
            "orgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
            "shortName": "GV"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.geovision.com.tw/cyber_security.php"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2375"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0\u0026nbsp;"
                }
              ],
              "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "GeoVision GeoWebPlayer Websocket Server connectInfo handler stack-based buffer overflow vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
        "assignerShortName": "GV",
        "cveId": "CVE-2026-57274",
        "datePublished": "2026-07-02T02:24:11.611Z",
        "dateReserved": "2026-06-24T05:48:05.704Z",
        "dateUpdated": "2026-07-02T12:36:12.891Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57273 (GCVE-0-2026-57273)

    Vulnerability from cvelistv5 – Published: 2026-07-02 02:23 – Updated: 2026-07-02 12:37
    Title
    GeoVision GeoWebPlayer Websocket Server connectInfo handler stack-based buffer overflow vulnerability
    Summary
    GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly. The Websocket server can accept various commands coming from localhost. One of them, `connectionInfo`, is meant to provide the necessary details to connect to a camera. The handler associated with this command that we call `handle_connection_info` contains multiple instances of string copy that can overflow. The function `handle_connect_info` copies attacker-controlled JSON strings into fixed-size buffers using manual byte-by-byte loops that do not enforce length limits.
    #### Buffer Overflow in username field (no key present)
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    GV
    References
    Impacted products
    Vendor Product Version
    GeoVision Inc. GeoWebPlayer Affected: V1.1.1.0
    Unaffected: V1.1.3.0
    Date Public
    2026-06-24 00:39
    Credits
    Philippe Laulheret of Cisco Talos Kelly Patterson of Cisco Talos Robert Sherwin of Cisco Talos

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57273",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T12:37:14.753874Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T12:37:31.537Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "GeoWebPlayer",
              "platforms": [
                "Windows",
                "64 bit"
              ],
              "product": "GeoWebPlayer",
              "vendor": "GeoVision Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.1.1.0"
                },
                {
                  "status": "unaffected",
                  "version": "V1.1.3.0"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:windows:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:windows:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Philippe Laulheret of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Kelly Patterson of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Robert Sherwin of Cisco Talos"
            }
          ],
          "datePublic": "2026-06-24T00:39:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\u003cdiv\u003eGeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\u003cbr\u003e\u003cbr\u003eThe Websocket server can accept various commands coming from localhost. One of them, `connectionInfo` is meant to provide the necessary details to connect to a camera. The handler associated with this command that we call`handle_connection_info` contains multiple instances of string copy that can overflow. The function `handle_connect_info` copies attacker-controlled JSON strings into fixed-size buffers using manual byte-by-byte loops that do not enforce length limits.\u003cbr\u003e\u003c/div\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e#### Buffer Overflow in username field (no key present)\u003cbr\u003e\u003cbr\u003e\u003c/div\u003e"
                }
              ],
              "value": "GeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\n\nThe Websocket server can accept various commands coming from localhost. One of them, `connectionInfo` is meant to provide the necessary details to connect to a camera. The handler associated with this command that we call`handle_connection_info` contains multiple instances of string copy that can overflow. The function `handle_connect_info` copies attacker-controlled JSON strings into fixed-size buffers using manual byte-by-byte loops that do not enforce length limits.\n\n\n\n\n\n#### Buffer Overflow in username field (no key present)"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 - Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T02:23:43.611Z",
            "orgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
            "shortName": "GV"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.geovision.com.tw/cyber_security.php"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2375"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0\u0026nbsp;"
                }
              ],
              "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "GeoVision GeoWebPlayer Websocket Server connectInfo handler stack-based buffer overflow vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
        "assignerShortName": "GV",
        "cveId": "CVE-2026-57273",
        "datePublished": "2026-07-02T02:23:43.611Z",
        "dateReserved": "2026-06-24T05:48:03.740Z",
        "dateUpdated": "2026-07-02T12:37:31.537Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57272 (GCVE-0-2026-57272)

    Vulnerability from cvelistv5 – Published: 2026-07-02 02:22 – Updated: 2026-07-02 12:38
    Title
    GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability
    Summary
    GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly. The Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However, the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out of bounds.
    #### byPass command index-out-of-bound
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-129 - Improper validation of array index
    Assigner
    GV
    References
    Impacted products
    Vendor Product Version
    GeoVision Inc. GeoWebPlayer Affected: V1.1.1.0
    Unaffected: V1.1.3.0
    Date Public
    2026-06-24 00:39
    Credits
    Philippe Laulheret of Cisco Talos Kelly Patterson of Cisco Talos Robert Sherwin of Cisco Talos

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57272",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T12:38:30.227626Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T12:38:48.618Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "GeoWebPlayer",
              "platforms": [
                "Windows",
                "64 bit"
              ],
              "product": "GeoWebPlayer",
              "vendor": "GeoVision Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.1.1.0"
                },
                {
                  "status": "unaffected",
                  "version": "V1.1.3.0"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:windows:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:windows:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Philippe Laulheret of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Kelly Patterson of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Robert Sherwin of Cisco Talos"
            }
          ],
          "datePublic": "2026-06-24T00:39:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "GeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\u003cbr\u003e\u003cbr\u003eThe Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound.\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cbr\u003e#### byPass command index-out-of-bound\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "GeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\n\nThe Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound.\n\n\n\n#### byPass command index-out-of-bound"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-540",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-540 Overread Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-129",
                  "description": "CWE-129 Improper validation of array index",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T02:22:36.287Z",
            "orgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
            "shortName": "GV"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.geovision.com.tw/cyber_security.php"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2373"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0\u0026nbsp;"
                }
              ],
              "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
        "assignerShortName": "GV",
        "cveId": "CVE-2026-57272",
        "datePublished": "2026-07-02T02:22:36.287Z",
        "dateReserved": "2026-06-24T05:48:03.740Z",
        "dateUpdated": "2026-07-02T12:38:48.618Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57271 (GCVE-0-2026-57271)

    Vulnerability from cvelistv5 – Published: 2026-07-02 02:21 – Updated: 2026-07-02 12:39
    Title
    GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability
    Summary
    GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.

    #### pause command index-out-of-bound
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-129 - Improper validation of array index
    Assigner
    GV
    References
    Impacted products
    Vendor Product Version
    GeoVision Inc. GeoWebPlayer Affected: V1.1.1.0
    Unaffected: V1.1.3.0
    Date Public
    2026-06-24 00:39
    Credits
    Philippe Laulheret of Cisco Talos Kelly Patterson of Cisco Talos Robert Sherwin of Cisco Talos

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57271",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T12:39:31.652902Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T12:39:38.730Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "GeoWebPlayer",
              "platforms": [
                "Windows",
                "64 bit"
              ],
              "product": "GeoWebPlayer",
              "vendor": "GeoVision Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.1.1.0"
                },
                {
                  "status": "unaffected",
                  "version": "V1.1.3.0"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:windows:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:windows:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Philippe Laulheret of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Kelly Patterson of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Robert Sherwin of Cisco Talos"
            }
          ],
          "datePublic": "2026-06-24T00:39:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "GeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\u003cbr\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cbr\u003e#### pause command index-out-of-bound\u003cbr\u003e\u003cbr\u003e\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "GeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\n\n#### pause command index-out-of-bound"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-540",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-540 Overread Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-129",
                  "description": "CWE-129 Improper validation of array index",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T02:21:46.247Z",
            "orgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
            "shortName": "GV"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.geovision.com.tw/cyber_security.php"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2373"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0\u0026nbsp;"
                }
              ],
              "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
        "assignerShortName": "GV",
        "cveId": "CVE-2026-57271",
        "datePublished": "2026-07-02T02:21:46.247Z",
        "dateReserved": "2026-06-24T05:48:03.740Z",
        "dateUpdated": "2026-07-02T12:39:38.730Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57270 (GCVE-0-2026-57270)

    Vulnerability from cvelistv5 – Published: 2026-07-02 02:21 – Updated: 2026-07-02 12:40
    Title
    GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability
    Summary
    GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.

    The Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound.

    #### play command index-out-of-bound
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-129 - Improper validation of array index
    Assigner
    GV
    References
    Impacted products
    Vendor Product Version
    GeoVision Inc. GeoWebPlayer Affected: V1.1.1.0
    Unaffected: V1.1.3.0
    Date Public
    2026-06-24 00:39
    Credits
    Philippe Laulheret of Cisco Talos Kelly Patterson of Cisco Talos Robert Sherwin of Cisco Talos

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57270",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T12:40:04.722639Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T12:40:13.858Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "GeoWebPlayer",
              "platforms": [
                "Windows",
                "64 bit"
              ],
              "product": "GeoWebPlayer",
              "vendor": "GeoVision Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.1.1.0"
                },
                {
                  "status": "unaffected",
                  "version": "V1.1.3.0"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:windows:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:windows:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Philippe Laulheret of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Kelly Patterson of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Robert Sherwin of Cisco Talos"
            }
          ],
          "datePublic": "2026-06-24T00:39:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "GeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\u003cbr\u003e\u003cbr\u003eThe Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound.\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cbr\u003e#### play command index-out-of-bound\u003cbr\u003e\u003cbr\u003e\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "GeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\n\nThe Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound.\n\n\n\n#### play command index-out-of-bound"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-540",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-540 Overread Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-129",
                  "description": "CWE-129 Improper validation of array index",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T02:21:11.097Z",
            "orgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
            "shortName": "GV"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.geovision.com.tw/cyber_security.php"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2373"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0\u0026nbsp;"
                }
              ],
              "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
        "assignerShortName": "GV",
        "cveId": "CVE-2026-57270",
        "datePublished": "2026-07-02T02:21:11.097Z",
        "dateReserved": "2026-06-24T05:48:03.740Z",
        "dateUpdated": "2026-07-02T12:40:13.858Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57269 (GCVE-0-2026-57269)

    Vulnerability from cvelistv5 – Published: 2026-07-02 02:20 – Updated: 2026-07-02 12:40
    Title
    GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability
    Summary
    GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.

    The Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound.

    #### disconnect command index-out-of-bound
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-129 - Improper validation of array index
    Assigner
    GV
    References
    Impacted products
    Vendor Product Version
    GeoVision Inc. GeoWebPlayer Affected: V1.1.1.0
    Unaffected: V1.1.3.0
    Date Public
    2026-06-24 00:39
    Credits
    Philippe Laulheret of Cisco Talos Kelly Patterson of Cisco Talos Robert Sherwin of Cisco Talos

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57269",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T12:40:34.594413Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T12:40:45.176Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "GeoWebPlayer",
              "platforms": [
                "Windows",
                "64 bit"
              ],
              "product": "GeoWebPlayer",
              "vendor": "GeoVision Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.1.1.0"
                },
                {
                  "status": "unaffected",
                  "version": "V1.1.3.0"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:windows:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:windows:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Philippe Laulheret of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Kelly Patterson of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Robert Sherwin of Cisco Talos"
            }
          ],
          "datePublic": "2026-06-24T00:39:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "GeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\u003cbr\u003e\u003cbr\u003eThe Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound.\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e#### disconnect command index-out-of-bound\u003cbr\u003e\u003cbr\u003e\u003c/div\u003e"
                }
              ],
              "value": "GeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\n\nThe Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound.\n\n\n\n#### disconnect command index-out-of-bound"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-540",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-540 Overread Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-129",
                  "description": "CWE-129 Improper validation of array index",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T02:20:43.396Z",
            "orgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
            "shortName": "GV"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.geovision.com.tw/cyber_security.php"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2373"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0\u0026nbsp;"
                }
              ],
              "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
        "assignerShortName": "GV",
        "cveId": "CVE-2026-57269",
        "datePublished": "2026-07-02T02:20:43.396Z",
        "dateReserved": "2026-06-24T05:48:03.740Z",
        "dateUpdated": "2026-07-02T12:40:45.176Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57268 (GCVE-0-2026-57268)

    Vulnerability from cvelistv5 – Published: 2026-07-02 02:20 – Updated: 2026-07-02 12:35
    Title
    GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability
    Summary
    GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.

    The Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound.

    ### saveVideo command index-out-of-bound

    When sending the `saveVideo` command, the `index` field is extracted from the websocket message [1]. Then without checking the range of the index, it is used to trigger a CriticalSection ([2]) and releases it [3]. The release function call ([3]) is executed using a function pointer which will be read out of bounds potentially leading to code execution:

        v6 = get_entry(a2, "index");
        result = json_is_value_int(v6);
        if ( (_BYTE)result )
        {
          v8 = get_entry(a2, "index");
          index = json_value_to_int(&v8->value); // [1]
          result = CCriticalSection::EnterCritSection(&this->crit_sections[index]); //[2]
          if ( result )
          {
            if ( this->array_of_IPCams[index] )
            {
              if ( this->array_of_IPCams[index]->field_20 )
                do_PostMessageA((CViewer *)this->array_of_IPCams[index], 0x111u, 0x139Fu, v11);
            }
            return (*(int (__thiscall **)(CCriticalSection *))(this->crit_sections[index].vtbl + 20))(&this->crit_sections[index]); //[3]
          }
        }
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-129 - Improper validation of array index
    Assigner
    GV
    References
    Impacted products
    Vendor Product Version
    GeoVision Inc. GeoWebPlayer Affected: V1.1.1.0
    Unaffected: V1.1.3.0
    Date Public
    2026-06-24 00:39
    Credits
    Philippe Laulheret of Cisco Talos; Kelly Patterson of Cisco Talos; Robert Sherwin of Cisco Talos

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57268",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T12:35:11.850544Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T12:35:19.946Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "GeoWebPlayer",
              "platforms": [
                "Windows",
                "64 bit"
              ],
              "product": "GeoWebPlayer",
              "vendor": "GeoVision Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.1.1.0"
                },
                {
                  "status": "unaffected",
                  "version": "V1.1.3.0"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:windows:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:windows:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Philippe Laulheret of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Kelly Patterson of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Robert Sherwin of Cisco Talos"
            }
          ],
          "datePublic": "2026-06-24T00:39:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "GeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\u003cbr\u003e\u003cbr\u003eThe Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound.\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e### saveVideo command index-out-of-bound\u003cbr\u003e\u003cbr\u003eWhen sending the `saveVideo` command, the `index` field is extracted from the websocket message [1]. Then without checking the range of the index, it is used to trigger a CriticalSection ([2]) and releases it [3]. 
The release function call ([3]) is executed using a function pointer which will be read out of bounds potentially leading to code execution:\n\u003cbr\u003e\n\u003cbr\u003e\n\u003cbr\u003e     v6 = get_entry(a2, \"index\");\n\u003cbr\u003e      result = json_is_value_int(v6);\n\u003cbr\u003e      if ( (_BYTE)result )\n\u003cbr\u003e      {\n\u003cbr\u003e        v8 = get_entry(a2, \"index\");\n\u003cbr\u003e        index = json_value_to_int(\u0026amp;v8-\u0026gt;value);  // [1]\n\u003cbr\u003e        result = CCriticalSection::EnterCritSection(\u0026amp;this-\u0026gt;crit_sections[index]);  //[2]\n\u003cbr\u003e        if ( result )\n\u003cbr\u003e        {\n\u003cbr\u003e          if ( this-\u0026gt;array_of_IPCams[index] )\n\u003cbr\u003e          {\n\u003cbr\u003e            if ( this-\u0026gt;array_of_IPCams[index]-\u0026gt;field_20 )\n\u003cbr\u003e              do_PostMessageA((CViewer *)this-\u0026gt;array_of_IPCams[index], 0x111u, 0x139Fu, v11);\n\u003cbr\u003e          }\n\u003cbr\u003e          return (*(int (__thiscall **)(CCriticalSection *))(this-\u0026gt;crit_sections[index].vtbl + 20))(\u0026amp;this-\u0026gt;crit_sections[index]); //[3]\n\u003cbr\u003e        }\n\u003cbr\u003e      }\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "GeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\n\nThe Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound.\n\n\n### saveVideo command index-out-of-bound\n\nWhen sending the `saveVideo` command, the `index` field is extracted from the websocket message [1]. Then without checking the range of the index, it is used to trigger a CriticalSection ([2]) and releases it [3]. The release function call ([3]) is executed using a function pointer which will be read out of bounds potentially leading to code execution:\n\n\n\n\n\n     v6 = get_entry(a2, \"index\");\n\n      result = json_is_value_int(v6);\n\n      if ( (_BYTE)result )\n\n      {\n\n        v8 = get_entry(a2, \"index\");\n\n        index = json_value_to_int(\u0026v8-\u003evalue);  // [1]\n\n        result = CCriticalSection::EnterCritSection(\u0026this-\u003ecrit_sections[index]);  //[2]\n\n        if ( result )\n\n        {\n\n          if ( this-\u003earray_of_IPCams[index] )\n\n          {\n\n            if ( this-\u003earray_of_IPCams[index]-\u003efield_20 )\n\n              do_PostMessageA((CViewer *)this-\u003earray_of_IPCams[index], 0x111u, 0x139Fu, v11);\n\n          }\n\n          return (*(int (__thiscall **)(CCriticalSection *))(this-\u003ecrit_sections[index].vtbl + 20))(\u0026this-\u003ecrit_sections[index]); //[3]\n\n        }\n\n      }"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-540",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-540 Overread Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-129",
                  "description": "CWE-129 Improper validation of array index",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T02:20:11.291Z",
            "orgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
            "shortName": "GV"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.geovision.com.tw/cyber_security.php"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2373"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0\u0026nbsp;"
                }
              ],
              "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
        "assignerShortName": "GV",
        "cveId": "CVE-2026-57268",
        "datePublished": "2026-07-02T02:20:11.291Z",
        "dateReserved": "2026-06-24T05:48:03.740Z",
        "dateUpdated": "2026-07-02T12:35:19.946Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57267 (GCVE-0-2026-57267)

    Vulnerability from cvelistv5 – Published: 2026-07-02 02:19 – Updated: 2026-07-02 12:35
    Title
    GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability
    Summary
    GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.

    The Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound.

    #### snapshot command index-out-of-bound
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-129 - Improper validation of array index
    Assigner
    GV
    References
    Impacted products
    Vendor Product Version
    GeoVision Inc. GeoWebPlayer Affected: V1.1.1.0
    Unaffected: V1.1.3.0
    Date Public
    2026-06-24 00:39
    Credits
    Philippe Laulheret of Cisco Talos; Kelly Patterson of Cisco Talos; Robert Sherwin of Cisco Talos

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57267",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-02T12:35:32.464023Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-02T12:35:41.331Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "packageName": "GeoWebPlayer",
              "platforms": [
                "Windows",
                "64 bit"
              ],
              "product": "GeoWebPlayer",
              "vendor": "GeoVision Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "V1.1.1.0"
                },
                {
                  "status": "unaffected",
                  "version": "V1.1.3.0"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:windows:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.1.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:windows:*:*:*:*:*",
                      "vulnerable": false
                    },
                    {
                      "criteria": "cpe:2.3:a:geovision_inc.:geowebplayer:v1.1.3.0:*:64_bit:*:*:*:*:*",
                      "vulnerable": false
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ],
              "operator": "OR"
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Philippe Laulheret of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Kelly Patterson of Cisco Talos"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "Robert Sherwin of Cisco Talos"
            }
          ],
          "datePublic": "2026-06-24T00:39:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "GeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\u003cbr\u003e\u003cbr\u003eThe Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound.\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cbr\u003e#### snapshot command index-out-of-bound\u003cbr\u003e\u003cbr\u003e\u003c/div\u003e\u003c/div\u003e"
                }
              ],
              "value": "GeoWebPlayer (also called \"Web Plugin\" in the GV-VMS documentation and \"WS Player\" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.\n\nThe Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound.\n\n\n\n#### snapshot command index-out-of-bound"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-540",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-540 Overread Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-129",
                  "description": "CWE-129 Improper validation of array index",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-02T02:19:40.534Z",
            "orgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
            "shortName": "GV"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.geovision.com.tw/cyber_security.php"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2373"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0\u0026nbsp;"
                }
              ],
              "value": "The vulnerability has been patched with GeoWebPlayer V1.1.3.0"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
        "assignerShortName": "GV",
        "cveId": "CVE-2026-57267",
        "datePublished": "2026-07-02T02:19:40.534Z",
        "dateReserved": "2026-06-24T05:48:03.740Z",
        "dateUpdated": "2026-07-02T12:35:41.331Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }