CVE-2024-11120

Summary

Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports.

Affected Software

VendorProductVersion RangeStatus
GeoVisionGV-VS120affected
GeoVisionGV-VS110affected
GeoVisionGV-DSP_LPR_V30affected
GeoVisionGVLX 4 V20affected
GeoVisionGVLX 4 V30affected

Weaknesses

  • CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: total

Additional References

References