CVE-2024-6047

Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html	Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html	Third Party Advisory
https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html	Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html	Third Party Advisory
https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnet	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:geovision:gv-dsp_lpr_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:geovision:gv-dsp_lpr:2.0:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:geovision:gv_ipcamd_gv_bx130_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:geovision:gv_ipcamd_gv_bx130:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:geovision:gv_ipcamd_gv_bx1500_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:geovision:gv_ipcamd_gv_bx1500:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:geovision:gv_ipcamd_gv_cb220_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:geovision:gv_ipcamd_gv_cb220:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:geovision:gv_ipcamd_gv_ebl1100_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:geovision:gv_ipcamd_gv_ebl1100:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:geovision:gv_ipcamd_gv_efd1100_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:geovision:gv_ipcamd_gv_efd1100:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:geovision:gv_ipcamd_gv_fd2410_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:geovision:gv_ipcamd_gv_fd2410:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:geovision:gv_ipcamd_gv_fd3400_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:geovision:gv_ipcamd_gv_fd3400:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:geovision:gv_ipcamd_gv_fe3401_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:geovision:gv_ipcamd_gv_fe3401:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:geovision:gv_ipcamd_gv_fe420_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:geovision:gv_ipcamd_gv_fe420:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:geovision:gv_gm8186_vs14_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:geovision:gv_gm8186_vs14:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:geovision:gv-vs14_vs14_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:geovision:gv-vs14_vs14:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:geovision:gv_vs03_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:geovision:gv_vs03:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:geovision:gv_vs2410_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:geovision:gv_vs2410:-:*:*:*:*:*:*:*

Configuration 15 (hide)

cpe:2.3:o:geovision:gv_vs28xx_firmware:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:geovision:gv_vs216xx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:geovision:gv_vs216xx:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:geovision:gv_vs04a_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:geovision:gv_vs04a:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:geovision:gv_vs04h_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:geovision:gv_vs04h:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:geovision:gvlx_4_firmware:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:geovision:gvlx_4:2.0:::::::*
	cpe:2.3:h:geovision:gvlx_4:3.0:::::::*

History

09 May 2025, 14:23

Type	Values Removed	Values Added
CPE		cpe:2.3:o:geovision:gv_vs28xx_firmware:-:::::::* cpe:2.3:o:geovision:gv_ipcamd_gv_fe420_firmware:-:::::::* cpe:2.3:h:geovision:gv_ipcamd_gv_cb220:-:::::::* cpe:2.3:o:geovision:gv_ipcamd_gv_fd2410_firmware:-:::::::* cpe:2.3:o:geovision:gv_ipcamd_gv_fe3401_firmware:-:::::::* cpe:2.3:h:geovision:gv-dsp_lpr:2.0:::::::* cpe:2.3:h:geovision:gv_vs2410:-:::::::* cpe:2.3:o:geovision:gv-dsp_lpr_firmware:-:::::::* cpe:2.3:h:geovision:gv-vs14_vs14:-:::::::* cpe:2.3:h:geovision:gv_ipcamd_gv_efd1100:-:::::::* cpe:2.3:o:geovision:gv-vs14_vs14_firmware:-:::::::* cpe:2.3:o:geovision:gv_vs2410_firmware:-:::::::* cpe:2.3:h:geovision:gv_vs216xx:-:::::::* cpe:2.3:o:geovision:gv_ipcamd_gv_cb220_firmware:-:::::::* cpe:2.3:h:geovision:gv_ipcamd_gv_fe3401:-:::::::* cpe:2.3:o:geovision:gv_ipcamd_gv_efd1100_firmware:-:::::::* cpe:2.3:h:geovision:gvlx_4:3.0:::::::* cpe:2.3:o:geovision:gv_gm8186_vs14_firmware:-:::::::* cpe:2.3:h:geovision:gv_gm8186_vs14:-:::::::* cpe:2.3:h:geovision:gv_vs03:-:::::::* cpe:2.3:o:geovision:gv_ipcamd_gv_bx130_firmware:-:::::::* cpe:2.3:h:geovision:gv_vs04h:-:::::::* cpe:2.3:o:geovision:gvlx_4_firmware:-:::::::* cpe:2.3:o:geovision:gv_ipcamd_gv_fd3400_firmware:-:::::::* cpe:2.3:o:geovision:gv_ipcamd_gv_ebl1100_firmware:-:::::::* cpe:2.3:h:geovision:gv_ipcamd_gv_bx1500:-:::::::* cpe:2.3:o:geovision:gv_vs04h_firmware:-:::::::* cpe:2.3:o:geovision:gv_vs216xx_firmware:-:::::::* cpe:2.3:h:geovision:gv_ipcamd_gv_fd2410:-:::::::* cpe:2.3:o:geovision:gv_ipcamd_gv_bx1500_firmware:-:::::::* cpe:2.3:h:geovision:gv_ipcamd_gv_ebl1100:-:::::::* cpe:2.3:h:geovision:gvlx_4:2.0:::::::* cpe:2.3:h:geovision:gv_ipcamd_gv_bx130:-:::::::* cpe:2.3:h:geovision:gv_vs04a:-:::::::* cpe:2.3:h:geovision:gv_ipcamd_gv_fd3400:-:::::::* cpe:2.3:o:geovision:gv_vs04a_firmware:-:::::::* cpe:2.3:o:geovision:gv_vs03_firmware:-:::::::* cpe:2.3:h:geovision:gv_ipcamd_gv_fe420:-:::::::*
References	~~() https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html -~~	() https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html - Third Party Advisory
References	~~() https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html -~~	() https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html - Third Party Advisory
References	~~() https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnet -~~	() https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnet - Exploit, Third Party Advisory
First Time		Geovision gv Ipcamd Gv Fd3400 Geovision gv Ipcamd Gv Fe420 Firmware Geovision gv Vs03 Geovision gv Vs216xx Geovision gv Ipcamd Gv Efd1100 Firmware Geovision gv Ipcamd Gv Fd2410 Firmware Geovision gv Vs03 Firmware Geovision gv Ipcamd Gv Fd3400 Firmware Geovision gv-dsp Lpr Firmware Geovision gv Vs2410 Geovision gv Ipcamd Gv Bx130 Geovision gv Gm8186 Vs14 Firmware Geovision gv Vs28xx Firmware Geovision gvlx 4 Firmware Geovision gv Ipcamd Gv Cb220 Firmware Geovision gv-vs14 Vs14 Geovision Geovision gv Gm8186 Vs14 Geovision gv-vs14 Vs14 Firmware Geovision gv Ipcamd Gv Fe3401 Firmware Geovision gv Vs2410 Firmware Geovision gv Ipcamd Gv Ebl1100 Firmware Geovision gv Ipcamd Gv Fe420 Geovision gv Vs04a Geovision gv Ipcamd Gv Cb220 Geovision gvlx 4 Geovision gv Ipcamd Gv Bx1500 Geovision gv Ipcamd Gv Efd1100 Geovision gv Ipcamd Gv Bx130 Firmware Geovision gv Ipcamd Gv Ebl1100 Geovision gv Vs216xx Firmware Geovision gv Vs04h Geovision gv Ipcamd Gv Fe3401 Geovision gv Ipcamd Gv Bx1500 Firmware Geovision gv-dsp Lpr Geovision gv Vs04a Firmware Geovision gv Vs04h Firmware Geovision gv Ipcamd Gv Fd2410

07 May 2025, 14:15

Type	Values Removed	Values Added
References		() https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnet -

21 Nov 2024, 09:48

Type	Values Removed	Values Added
References	~~() https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html -~~	() https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html -
References	~~() https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html -~~	() https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html -

17 Jun 2024, 12:42

Type	Values Removed	Values Added
Summary		(es) Ciertos dispositivos EOL GeoVision no filtran adecuadamente la entrada del usuario para la funcionalidad específica. Los atacantes remotos no autenticados pueden aprovechar esta vulnerabilidad para inyectar y ejecutar comandos arbitrarios del sistema en el dispositivo.

17 Jun 2024, 06:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-06-17 06:15

Updated : 2025-05-09 14:23

NVD link : CVE-2024-6047

Mitre link : CVE-2024-6047

CVE.ORG link : CVE-2024-6047

JSON object : View

Products Affected

geovision

gv_gm8186_vs14
gv_ipcamd_gv_fd3400
gv_ipcamd_gv_fd2410_firmware
gv-dsp_lpr_firmware
gv_vs03_firmware
gv_ipcamd_gv_bx1500_firmware
gv_ipcamd_gv_fe420
gv_ipcamd_gv_bx130
gv-vs14_vs14_firmware
gv-vs14_vs14
gv_ipcamd_gv_bx130_firmware
gv_ipcamd_gv_fd3400_firmware
gv_vs04a_firmware
gv_vs2410_firmware
gv_ipcamd_gv_ebl1100_firmware
gv_vs2410
gv_ipcamd_gv_efd1100_firmware
gvlx_4
gv_ipcamd_gv_cb220
gv_vs216xx
gv_vs216xx_firmware
gv_vs28xx_firmware
gv_ipcamd_gv_cb220_firmware
gv_vs03
gv-dsp_lpr
gv_ipcamd_gv_fe420_firmware
gv_vs04h
gv_ipcamd_gv_bx1500
gv_ipcamd_gv_ebl1100
gv_ipcamd_gv_efd1100
gv_vs04a
gvlx_4_firmware
gv_vs04h_firmware
gv_ipcamd_gv_fe3401_firmware
gv_ipcamd_gv_fe3401
gv_gm8186_vs14_firmware
gv_ipcamd_gv_fd2410

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

9.8 /10