CVE-2026-42370

Summary

A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

Affected Software

VendorProductVersion RangeStatus
GeoVision Inc.GV-VMS V20.0.220.0.2affected
GeoVision Inc.GV-VMS V20.0.220.0.2.10unaffected
GeoVision Inc.GV-VMS V20.0.220.1.0unaffected

Weaknesses

  • CWE-787: CWE-787 Out-of-bounds write

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References