CVE-2024-11120

GeoVision EOL devices - OS Command Injection

CVSS: 9.8 (Critical)
EPSS: 28.6%
CISA KEV: listed
CWE: CWE-78
Vexday Risk Score: 63 (High priority)
SSVC decision (CISA): Act (exploitation + impact: act immediately)
Indicators: PoC, Nuclei, Metasploit, Patch
Lifecycle
15 Nov 2024: Published on NVD
07 May 2025: Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short

GeoVision end-of-life devices allow attackers to run harmful commands on the device without logging in. This is a serious flaw that attackers are already actively exploiting to take control of these devices.

Technical detail

OS command injection vulnerability in EOL GeoVision devices permits unauthenticated remote attackers to inject and execute arbitrary system commands via unsanitized input. The attack requires network access to the device but no authentication credentials; successful exploitation grants full system-level access and has been actively weaponized in the wild.

Summary generated and translated by AI from the official description.

Official description:
Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports.

CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
