Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.
An attacker can submit crafted input data to a vulnerable device function without any authentication. Due to lack of proper input validation and filtering (CWE-78 — OS Command Injection), injected commands are executed directly by the device's operating system. The attack is possible remotely over the network, requires no user interaction or any privileges.
An attacker gains the ability to execute arbitrary system commands on the device, which in practice means full control over the device, loss of data confidentiality, possibility of configuration modification, and inclusion of the device in a botnet.
Devices affected by the vulnerability have EOL status and will most likely not receive official patches from the manufacturer. Immediate replacement of devices with supported models is recommended. Until replacement, devices should be isolated from the public network, restrict access through a firewall to trusted IP addresses only, and monitor network traffic for anomalies. Detailed recommendations are available in TWCERT bulletins at the addresses indicated in the references.
GeoVision EOL devices: GV-DSP LPR (firmware), GV-BX130 (firmware), GV-BX1500 (firmware) and their corresponding hardware models — according to manufacturer and TWCERT references.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HGeovision Gv Bx130
HWGeovisionwszystkie wersjeGeovision Gv Bx130 Firmware
OSGeovisionwszystkie wersjeGeovision Gv Bx1500
HWGeovisionwszystkie wersjeGeovision Gv Bx1500 Firmware
OSGeovisionwszystkie wersjeGeovision Gv Cb220
HWGeovisionwszystkie wersjeGeovision Gv Cb220 Firmware
OSGeovisionwszystkie wersjeGeovision Gv Dsp Lpr
HWGeovision2.0Geovision Gv Dsp Lpr Firmware
OSGeovisionwszystkie wersjeGeovision Gv Ebl1100
HWGeovisionwszystkie wersjeGeovision Gv Ebl1100 Firmware
OSGeovisionwszystkie wersjeGeovision Gv Efd1100
HWGeovisionwszystkie wersjeGeovision Gv Efd1100 Firmware
OSGeovisionwszystkie wersjeGeovision Gv Fd2410
HWGeovisionwszystkie wersjeGeovision Gv Fd2410 Firmware
OSGeovisionwszystkie wersjeGeovision Gv Fd3400
HWGeovisionwszystkie wersjeGeovision Gv Fd3400 Firmware
OSGeovisionwszystkie wersjeGeovision Gv Fe3401
HWGeovisionwszystkie wersjeGeovision Gv Fe3401 Firmware
OSGeovisionwszystkie wersjeGeovision Gv Fe420
HWGeovisionwszystkie wersjeGeovision Gv Fe420 Firmware
OSGeovisionwszystkie wersjeGeovision Gv Gm8186 Vs14
HWGeovisionwszystkie wersjeGeovision Gv Gm8186 Vs14 Firmware
OSGeovisionwszystkie wersjeGeovision Gvlx 4
HWGeovision2.03.0Geovision Gvlx 4 Firmware
OSGeovisionwszystkie wersjeGeovision Gv Vs03
HWGeovisionwszystkie wersjeGeovision Gv Vs03 Firmware
OSGeovisionwszystkie wersjeGeovision Gv Vs04a
HWGeovisionwszystkie wersjeGeovision Gv Vs04a Firmware
OSGeovisionwszystkie wersjeGeovision Gv Vs04h
HWGeovisionwszystkie wersjeGeovision Gv Vs04h Firmware
OSGeovisionwszystkie wersje
CISA KEV — detailsi
- Vendori
- GeoVision
- Producti
- Multiple Devices
- Added to KEVi
- May 7, 2025
- Remediation deadline (US Federal)i
- May 28, 2025(overdue)
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to inject and execute arbitrary system commands. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Related vulnerabilities
OS Command Injection w urządzeniach GeoVision — zdalne wykonanie poleceń bez uwierzytelnienia
Stack overflow w GeoVision GV-VMS — nieuwierzytelnione RCE przez WebCam Server
Command injection w GeoVision LPC2011/LPC2211 via konfiguracja DDNS
Privilege escalation w interfejsie Web GeoVision LPC2011/LPC2211
Wyciek poświadczeń przez słabe szyfrowanie w GeoVision GV-IP Device Utility