CVE-2024-6047

critical-risk

Published 2024-06-17

Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.

Do I need to act?

73.0% chance of exploitation in next 30 days

EPSS score — higher than 27% of all CVEs

CISA KEV: actively exploited in the wild

On the Known Exploited Vulnerabilities catalog — federal agencies must patch

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (20)

Gv-Dsp Lpr Firmware

Gv-Bx130 Firmware

Gv-Bx1500 Firmware

Gv-Cb220 Firmware

Gv-Ebl1100 Firmware

Gv-Efd1100 Firmware

Gv-Fd2410 Firmware

Gv-Fd3400 Firmware

Gv-Fe3401 Firmware

Gv-Fe420 Firmware

Gv-Gm8186 Vs14 Firmware

Gv-Vs14 Firmware

Gv-Vs03 Firmware

Gv-Vs2410 Firmware

Gv-Vs21600 Firmware

Gv-Vs04A Firmware

Gv-Vs04H Firmware

Gvlx 4 Firmware

Gv-Vs2800 Firmware

Gv-Vs2820 Firmware

Affected Vendors

Geovision

References (6)

Third Party Advisory https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html

Third Party Advisory https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html

Third Party Advisory https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html

Third Party Advisory https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html

Exploit https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovisio...

US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-...

/ 100

critical-risk

Severity 32/34 · Critical

Exploitability 26/34 · High

Exposure 20/34 · Moderate