Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/en/cp-139-8237-26d7a-2.html | Third Party Advisory |
https://www.twcert.org.tw/tw/cp-132-8236-d4836-1.html | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
History
05 Dec 2024, 15:30
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.twcert.org.tw/en/cp-139-8237-26d7a-2.html - Third Party Advisory | |
References | () https://www.twcert.org.tw/tw/cp-132-8236-d4836-1.html - Third Party Advisory | |
CPE | cpe:2.3:o:geovision:gv-vs12_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:geovision:gv-vs12:-:*:*:*:*:*:*:* cpe:2.3:h:geovision:gvlx_4:2.0:*:*:*:*:*:*:* cpe:2.3:h:geovision:gv-vs11:-:*:*:*:*:*:*:* cpe:2.3:o:geovision:gvlx_4_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:geovision:gv-dsp_lpr_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:geovision:gv-dsp_lpr:3.0:*:*:*:*:*:*:* cpe:2.3:o:geovision:gv-vs11_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:geovision:gvlx_4:3.0:*:*:*:*:*:*:* |
|
First Time |
Geovision gv-vs11 Firmware
Geovision Geovision gv-dsp Lpr Firmware Geovision gv-dsp Lpr Geovision gv-vs12 Firmware Geovision gvlx 4 Geovision gvlx 4 Firmware Geovision gv-vs11 Geovision gv-vs12 |
15 Nov 2024, 13:58
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
15 Nov 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-11-15 02:15
Updated : 2024-12-05 15:30
NVD link : CVE-2024-11120
Mitre link : CVE-2024-11120
CVE.ORG link : CVE-2024-11120
JSON object : View
Products Affected
geovision
- gvlx_4_firmware
- gv-vs12
- gv-dsp_lpr_firmware
- gv-dsp_lpr
- gv-vs12_firmware
- gv-vs11_firmware
- gvlx_4
- gv-vs11
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')