CVE-2024-6047

GeoVision EOL device - OS Command Injection

CVSS 9.8 (Critical) · EPSS 10.0% · CISA KEV · CWE-78
Vexday Risk Score: 58 (Attention)
SSVC decision (CISA): Act (exploitation + impact → act immediately)
Indicators: CVSS 9.8 · EPSS 10.0% · KEV · sim · PoC · Nuclei · Metasploit · Patch
Lifecycle
17 Jun 2024: Published on NVD
07 May 2025: Added to the CISA KEV catalog (active exploitation confirmed)
Recommendation: Remediate as soon as possible; active exploitation is confirmed. The affected devices are end-of-life, so where no vendor update is available, take them off the internet, segment them onto a restricted management network, or retire them.
In short

GeoVision devices that have reached end of life (EOL) accept input from anyone on the internet and run it as operating system commands, without requiring a password. An attacker can take complete control of the device.

Technical detail

Unauthenticated OS command injection (CWE-78) caused by improper input validation in end-of-life GeoVision devices. A remote attacker supplies shell metacharacters in an unfiltered request parameter and obtains pre-authentication command execution with device-level privileges. The attack is network-based and needs no user interaction, which is what the base vector below (AV:N/AC:L/PR:N/UI:N) expresses. Because the devices are EOL, do not assume a firmware update exists: treat internet-exposed units as likely targets and keep them off untrusted networks until they are replaced.

The summary above was generated and translated by AI from the official description, which reads:
Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.
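The following is an added illustration of CWE-78, the weakness class named on this page, and is not code from the site or from GeoVision firmware. It shows a CGI-style handler that pastes a query parameter into a shell command line beside a hardened version that allow-lists the value and executes via an argv list. The parameter name `host`, the `echo` command standing in for a device utility, and the attack query are all hypothetical and constructed for the example.

```python
"""CWE-78 illustration: vulnerable CGI-style handler beside a hardened one.
Hypothetical code; the parameter name and command are not GeoVision's."""
import re
import subprocess
from urllib.parse import parse_qs

PARAM = "host"  # hypothetical parameter name, not a GeoVision identifier


def vulnerable_handler(query_string: str) -> str:
    """Vulnerable: the raw parameter is interpolated into a shell command line.
    Anything the shell treats as a separator (';', '|', '&&', '$(...)')
    becomes a second command running with the handler's privileges."""
    host = parse_qs(query_string).get(PARAM, [""])[0]
    cmd = f"echo pinging {host}"  # 'echo' stands in for e.g. a ping/ntp binary
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


# Allow-list for a hostname or IPv4 literal: only letters, digits, '.', '-'.
HOST_RE = re.compile(r"[A-Za-z0-9.-]{1,253}")


def hardened_handler(query_string: str) -> str:
    """Hardened: reject anything outside the allow-list, then execute with an
    argv list so no shell ever parses the value."""
    host = parse_qs(query_string).get(PARAM, [""])[0]
    if not HOST_RE.fullmatch(host):
        raise ValueError(f"rejected {PARAM!r} parameter: {host!r}")
    return subprocess.run(["echo", "pinging", host],
                          capture_output=True, text=True).stdout


def hardened_rejects(query_string: str) -> bool:
    """True when the hardened handler refuses the query."""
    try:
        hardened_handler(query_string)
    except ValueError:
        return True
    return False


def injected_marker_present(output: str) -> bool:
    """True when the attacker-controlled second command actually ran."""
    return "INJECTED" in output.splitlines()


# Constructed attack query: '%3B' decodes to ';' and '+' to a space, so the
# parameter value becomes "127.0.0.1;echo INJECTED".
ATTACK_QUERY = "host=127.0.0.1%3Becho+INJECTED"
BENIGN_QUERY = "host=192.0.2.10"

if __name__ == "__main__":
    print("vulnerable:", repr(vulnerable_handler(ATTACK_QUERY)))
    print("hardened (benign):", repr(hardened_handler(BENIGN_QUERY)))
    print("hardened rejects attack:", hardened_rejects(ATTACK_QUERY))
```

Note that the fix is two independent layers: the allow-list stops the injected value at the boundary, and the argv-list call means that even a value that slipped past validation would reach the program as a single literal argument rather than being parsed by `/bin/sh`. Quoting the value for the shell is weaker than either and should not be the only defence.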
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
