A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:HGeovision Gv Vms
HWGeovision20Geovision Gv Vms Firmware
OSGeovision< 21.0.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
Related vulnerabilities
CVE-2026-7372CRITICAL9.0PL ✓ten sam produkt
Stack overflow w GeoVision GV-VMS — niezautoryzowane RCE przez WebCam Server
CVE-2024-11120CRITICAL9.8⚠ KEVPL ✓ten sam vendor
OS Command Injection w urządzeniach GeoVision — zdalne wykonanie poleceń bez uwierzytelnienia
CVE-2024-6047CRITICAL9.8⚠ KEVPL ✓ten sam vendor
Command injection w urządzeniach GeoVision EOL — zdalne wykonanie poleceń
CVE-2026-42364CRITICAL9.9PL ✓ten sam vendor
Command injection w GeoVision LPC2011/LPC2211 via konfiguracja DDNS
CVE-2026-42368CRITICAL9.9PL ✓ten sam vendor
Privilege escalation w interfejsie Web GeoVision LPC2011/LPC2211