Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports.
Metrics
Affected Vendors & Products
References
History
Thu, 05 Dec 2024 16:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Geovision gv-dsp Lpr
Geovision gv-dsp Lpr Firmware Geovision gv-vs11 Geovision gv-vs12 Geovision gvlx 4 Geovision gvlx 4 Firmware |
|
CPEs | cpe:2.3:h:geovision:gv-dsp_lpr:3.0:*:*:*:*:*:*:* cpe:2.3:h:geovision:gv-vs11:-:*:*:*:*:*:*:* cpe:2.3:h:geovision:gv-vs12:-:*:*:*:*:*:*:* cpe:2.3:h:geovision:gvlx_4:2.0:*:*:*:*:*:*:* cpe:2.3:h:geovision:gvlx_4:3.0:*:*:*:*:*:*:* cpe:2.3:o:geovision:gv-dsp_lpr_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:geovision:gv-vs11_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:geovision:gv-vs12_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:geovision:gvlx_4_firmware:-:*:*:*:*:*:*:* |
|
Vendors & Products |
Geovision gv-dsp Lpr
Geovision gv-dsp Lpr Firmware Geovision gv-vs11 Geovision gv-vs12 Geovision gvlx 4 Geovision gvlx 4 Firmware |
Fri, 15 Nov 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Geovision
Geovision gv-dsp Lpr V3 Firmware Geovision gv-vs11 Firmware Geovision gv-vs12 Firmware Geovision gvlx 4 V2 Firmware Geovision gvlx 4 V3 Firmware |
|
CPEs | cpe:2.3:o:geovision:gv-dsp_lpr_v3_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:geovision:gv-vs11_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:geovision:gv-vs12_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:geovision:gvlx_4_v2_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:geovision:gvlx_4_v3_firmware:*:*:*:*:*:*:*:* |
|
Vendors & Products |
Geovision
Geovision gv-dsp Lpr V3 Firmware Geovision gv-vs11 Firmware Geovision gv-vs12 Firmware Geovision gvlx 4 V2 Firmware Geovision gvlx 4 V3 Firmware |
|
Metrics |
ssvc
|
Fri, 15 Nov 2024 02:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports. | |
Title | GeoVision EOL devices - OS Command Injection | |
Weaknesses | CWE-78 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: twcert
Published: 2024-11-15T02:00:27.361Z
Updated: 2024-11-15T19:39:22.203Z
Reserved: 2024-11-12T06:23:33.571Z
Link: CVE-2024-11120
Vulnrichment
Updated: 2024-11-15T19:39:06.804Z
NVD
Status : Analyzed
Published: 2024-11-15T02:15:17.757
Modified: 2024-12-05T15:30:58.490
Link: CVE-2024-11120
Redhat
No data.