CVE-2024-6047

Summary

Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.

Affected Software

VendorProductVersion RangeStatus
GeoVisionGV_DSP_LPR_V2allaffected
GeoVisionGV_IPCAMD_GV_BX1500allaffected
GeoVisionGV_IPCAMD_GV_CB220allaffected
GeoVisionGV_IPCAMD_GV_EBL1100allaffected
GeoVisionGV_IPCAMD_GV_EFD1100allaffected
GeoVisionGV_IPCAMD_GV_FD2410allaffected
GeoVisionGV_IPCAMD_GV_FD3400allaffected
GeoVisionGV_IPCAMD_GV_FE3401allaffected
GeoVisionGV_IPCAMD_GV_FE420allaffected
GeoVisionGV-VS14_VS14allaffected
GeoVisionGV_VS03allaffected
GeoVisionGV_VS2410allaffected
GeoVisionGV_VS28XXallaffected
GeoVisionGV_VS216XXallaffected
GeoVisionGV VS04Aallaffected
GeoVisionGV VS04Hallaffected
GeoVisionGVLX 4 V2allaffected
GeoVisionGVLX 4 V3allaffected
GeoVisionGV_IPCAMD_GV_BX130allaffected
GeoVisionGV_GM8186_VS14allaffected

Weaknesses

  • CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: total

Additional References

CVE Program Container

Additional References

References