CRITICAL🇵🇱 Wersja polska

CVE-2026-12848

CVSS 10.0v3.1pub. 2026-06-24upd. 2026-06-25

GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with it. Upon receiving a UDP message, the server reads at most 1460 bytes into a local buffer and a pointer to the buffer is stored in a global variable: #### DNS field stack overflow The following code is vulnerable to a stack overflow that is attacker-controlled: v8 = strlen(g_network_config->dns_addr); memcpy(&reply_buf[248], g_network_config->dns_addr, v8);

🤖 AI Analysis
How it works

The DVRSearch service, enabled by default on the device, accepts UDP packets from any user on the network without authentication. Upon receiving a message, the server reads up to 1460 bytes into a local buffer, and a pointer to it is stored in a global variable. The vulnerability results from uncontrolled data copying — the DNS field value from the network configuration is copied by the memcpy function to the response buffer without length verification, leading to stack buffer overflow (CWE-121) controlled by the attacker.

Impact

An attacker without any privileges and without user interaction can remotely execute arbitrary code (RCE) in the device context, which in practice means complete takeover of the device, its inputs, and relay outputs.

Mitigation & patch

Apply patches available from the manufacturer according to the references (https://www.geovision.com.tw/cyber_security.php). Until the update is applied, it is recommended to isolate the device from unprotected network segments, block access to UDP port 10001 at the firewall level, and restrict network access only to trusted hosts.

Who is affected

GeoVision GV-I/O Box 4E device — specific software versions indicated in the manufacturer's references and Talos report.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References