CVE-2024-6047

Published: Jun 17, 2024Modified: Oct 30, 2025CISA KEV

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: twcert@cert.org.tw (Secondary)

Description

Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.

Affected (20)

Products: Geovision: Gv Dsp Lpr Firmware, Gv Bx130 Firmware, Gv Bx1500 Firmware, Gv Cb220 Firmware, Gv Ebl1100 Firmware, Gv Efd1100 Firmware, Gv Fd2410 Firmware, Gv Fd3400 Firmware, Gv Fe3401 Firmware, Gv Fe420 Firmware, Gv Gm8186 Vs14 Firmware, Gv Vs14 Firmware, Gv Vs03 Firmware, Gv Vs2410 Firmware, Gv Vs21600 Firmware, Gv Vs04a Firmware, Gv Vs04h Firmware, Gvlx 4 Firmware, Gv Vs2800 Firmware, Gv Vs2820 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Geovision Gv Dsp Lpr Firmware	All versions

Running on/with	Platform Versions
Geovision Gv Dsp Lpr	Version 2.0

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Geovision Gv Bx130 Firmware	All versions

Running on/with	Platform Versions
Geovision Gv Bx130	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Geovision Gv Bx1500 Firmware	All versions

Running on/with	Platform Versions
Geovision Gv Bx1500	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Geovision Gv Cb220 Firmware	All versions

Running on/with	Platform Versions
Geovision Gv Cb220	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Geovision Gv Ebl1100 Firmware	All versions

Running on/with	Platform Versions
Geovision Gv Ebl1100	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Geovision Gv Efd1100 Firmware	All versions

Running on/with	Platform Versions
Geovision Gv Efd1100	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Geovision Gv Fd2410 Firmware	All versions

Running on/with	Platform Versions
Geovision Gv Fd2410	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Geovision Gv Fd3400 Firmware	All versions

Running on/with	Platform Versions
Geovision Gv Fd3400	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Geovision Gv Fe3401 Firmware	All versions

Running on/with	Platform Versions
Geovision Gv Fe3401	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Geovision Gv Fe420 Firmware	All versions

Running on/with	Platform Versions
Geovision Gv Fe420	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Geovision Gv Gm8186 Vs14 Firmware	All versions

Running on/with	Platform Versions
Geovision Gv Gm8186 Vs14	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Geovision Gv Vs14 Firmware	All versions

Running on/with	Platform Versions
Geovision Gv Vs14	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Geovision Gv Vs03 Firmware	All versions

Running on/with	Platform Versions
Geovision Gv Vs03	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Geovision Gv Vs2410 Firmware	All versions

Running on/with	Platform Versions
Geovision Gv Vs2410	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Geovision Gv Vs21600 Firmware	All versions

Running on/with	Platform Versions
Geovision Gv Vs21600	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Geovision Gv Vs04a Firmware	All versions

Running on/with	Platform Versions
Geovision Gv Vs04a	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Geovision Gv Vs04h Firmware	All versions

Running on/with	Platform Versions
Geovision Gv Vs04h	All versions

Configuration R

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Geovision Gvlx 4 Firmware	All versions

Running on/with	Platform Versions
Geovision Gvlx 4	Version 2.0
Geovision Gvlx 4	Version 3.0

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Geovision Gv Vs2800 Firmware	All versions

Running on/with	Platform Versions
Geovision Gv Vs2800	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Geovision Gv Vs2820 Firmware	All versions

Running on/with	Platform Versions
Geovision Gv Vs2820	All versions

Related CWEs

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (6)

https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html

Source: twcert@cert.org.tw

Third Party Advisory

https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html

Source: twcert@cert.org.tw

Third Party Advisory

https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnet

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-6047

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.