CRITICAL🇵🇱 Wersja polska

CVE-2026-12847

CVSS 10.0v3.1pub. 2026-06-24upd. 2026-06-25

GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with it. Upon receiving a UDP message, the server reads at most 1460 bytes into a local buffer and a pointer to the buffer is stored in a global variable: #### Gateway field stack overflow The following code is vulnerable to a stack overflow that is attacker-controlled: v7 = strlen(g_network_config->gateway); memcpy(&reply_buf[216], g_network_config->gateway, v7);

🤖 AI Analysis
How it works

The DVRSearch service operates by default on the device and listens for UDP messages on port 10001 — it is accessible to every user on the network without authentication. When receiving UDP messages, the service reads up to 1460 bytes into a local buffer, and a pointer to this buffer is stored in a global variable. The critical flaw lies in the 'gateway' field: the code calls the memcpy function, copying the contents of the gateway field from the network configuration into a local stack buffer without verifying data length, allowing an attacker to perform a controlled stack overflow.

Impact

An attacker can cause arbitrary code execution on the device (RCE) or make it unavailable. Due to the lack of authentication requirements and network attack vector, successful exploitation of the vulnerability gives full control over the device, including its inputs and output relays.

Mitigation & patch

Patches available from the manufacturer should be applied in accordance with the references (https://www.geovision.com.tw/cyber_security.php). Until the update is applied, it is recommended to isolate GV-I/O Box 4E devices from untrusted network segments and block access to UDP port 10001 at the firewall level for unauthorized hosts.

Who is affected

GeoVision GV-I/O Box 4E device — specific firmware versions indicated in the manufacturer's references and Talos Intelligence report TALOS-2026-2377.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References