Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports.
The vulnerability results from a lack of proper input filtering of data passed to device system functions (CWE-78 — OS Command Injection). An unauthenticated attacker can remotely send a crafted request containing malicious system commands that are executed directly by the device's operating system. The lack of any authentication requirement makes the attack possible for any user with network access to the device. Active exploitation of this vulnerability has been confirmed in production environments.
An attacker can gain full control of the device by executing arbitrary system commands, threatening the confidentiality, integrity, and availability of data and the device itself. The consequence may be the incorporation of the device into a botnet or its use as an entry point for further attacks on the network.
The manufacturer no longer issues updates for EOL devices — it is recommended to immediately isolate these devices from the public and internal network or replace them with currently supported models. Access to management interfaces should be restricted exclusively to trusted IP addresses using a firewall or VPN. Detailed recommendations are available at the addresses indicated by TWCERT and CISA.
GeoVision devices in EOL status (end of support): GV-VS12 (with firmware), GV-VS11 (with firmware), and GV-DSP LPR (with firmware). Specific firmware versions are indicated in the manufacturer's references.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HGeovision Gv Dsp Lpr
HWGeovision3.0Geovision Gv Dsp Lpr Firmware
OSGeovisionwszystkie wersjeGeovision Gvlx 4
HWGeovision2.03.0Geovision Gvlx 4 Firmware
OSGeovisionwszystkie wersjeGeovision Gv Vs11
HWGeovisionwszystkie wersjeGeovision Gv Vs11 Firmware
OSGeovisionwszystkie wersjeGeovision Gv Vs12
HWGeovisionwszystkie wersjeGeovision Gv Vs12 Firmware
OSGeovisionwszystkie wersje
CISA KEV — detailsi
- Vendori
- GeoVision
- Producti
- Multiple Devices
- Added to KEVi
- May 7, 2025
- Remediation deadline (US Federal)i
- May 28, 2025(overdue)
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to inject and execute arbitrary system commands. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Related vulnerabilities
Command injection w urządzeniach GeoVision EOL — zdalne wykonanie poleceń
Stack overflow w GeoVision GV-VMS — nieuwierzytelnione RCE przez WebCam Server
Command injection w GeoVision LPC2011/LPC2211 via konfiguracja DDNS
Privilege escalation w interfejsie Web GeoVision LPC2011/LPC2211
Wyciek poświadczeń przez słabe szyfrowanie w GeoVision GV-IP Device Utility