CVE-2026-7372

Summary

A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

Stack-overflow via unconstrained sscanf

The call to sscanf at [1] to split the Buffer variable into the username and password variables doesn't limit the size of the extracted content to match the destination buffers' sizes. In this case, if either the username or password decoded from the authorization string exceeds 40 characters (the size the stack variables username and password) then a stack overflow will occur.

The data is controlled by an attacker, but sronger constraints (e.g. no null bytes) may make exploitation harder. A successful attack could lead to full code execution as SYSTEM on the machine running the service.

Affected Software

VendorProductVersion RangeStatus
GeoVision Inc.GV-VMS V20.0.220.0.2affected
GeoVision Inc.GV-VMS V20.0.220.0.2.10unaffected
GeoVision Inc.GV-VMS V20.0.220.1.0.0unaffected

Weaknesses

  • CWE-787: CWE-787 Out-of-bounds write

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References