Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports.
History

Thu, 05 Dec 2024 16:00:00 +0000

Type Values Removed Values Added
First Time appeared:
    Geovision gv-dsp Lpr
    Geovision gv-dsp Lpr Firmware
    Geovision gv-vs11
    Geovision gv-vs12
    Geovision gvlx 4
    Geovision gvlx 4 Firmware
CPEs:
    cpe:2.3:h:geovision:gv-dsp_lpr:3.0:*:*:*:*:*:*:*
    cpe:2.3:h:geovision:gv-vs11:-:*:*:*:*:*:*:*
    cpe:2.3:h:geovision:gv-vs12:-:*:*:*:*:*:*:*
    cpe:2.3:h:geovision:gvlx_4:2.0:*:*:*:*:*:*:*
    cpe:2.3:h:geovision:gvlx_4:3.0:*:*:*:*:*:*:*
    cpe:2.3:o:geovision:gv-dsp_lpr_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:geovision:gv-vs11_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:geovision:gv-vs12_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:geovision:gvlx_4_firmware:-:*:*:*:*:*:*:*
Vendors & Products:
    Geovision gv-dsp Lpr
    Geovision gv-dsp Lpr Firmware
    Geovision gv-vs11
    Geovision gv-vs12
    Geovision gvlx 4
    Geovision gvlx 4 Firmware

Fri, 15 Nov 2024 20:15:00 +0000

Type Values Removed Values Added
First Time appeared:
    Geovision
    Geovision gv-dsp Lpr V3 Firmware
    Geovision gv-vs11 Firmware
    Geovision gv-vs12 Firmware
    Geovision gvlx 4 V2 Firmware
    Geovision gvlx 4 V3 Firmware
CPEs:
    cpe:2.3:o:geovision:gv-dsp_lpr_v3_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:geovision:gv-vs11_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:geovision:gv-vs12_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:geovision:gvlx_4_v2_firmware:*:*:*:*:*:*:*:*
    cpe:2.3:o:geovision:gvlx_4_v3_firmware:*:*:*:*:*:*:*:*
Vendors & Products:
    Geovision
    Geovision gv-dsp Lpr V3 Firmware
    Geovision gv-vs11 Firmware
    Geovision gv-vs12 Firmware
    Geovision gvlx 4 V2 Firmware
    Geovision gvlx 4 V3 Firmware
Metrics ssvc:
    {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 15 Nov 2024 02:15:00 +0000

Type Values Removed Values Added
Description:
    Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports.
Title:
    GeoVision EOL devices - OS Command Injection
Weaknesses:
    CWE-78
References
Metrics cvssV3_1:
    {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: twcert

Published: 2024-11-15T02:00:27.361Z

Updated: 2024-11-15T19:39:22.203Z

Reserved: 2024-11-12T06:23:33.571Z

Link: CVE-2024-11120

Vulnrichment

Updated: 2024-11-15T19:39:06.804Z

NVD

Status: Analyzed

Published: 2024-11-15T02:15:17.757

Modified: 2024-12-05T15:30:58.490

Link: CVE-2024-11120

Redhat

No data.