Release Date: Nov 20, 2024
Advisory ID
GV-IP-2024-11-1
CVE ID
CVE-2024-6047
CVE-2024-11120
Affected Product
CVE-2024-6047
- 2024-11-22_08h08_25.png (45.86 KiB) Viewed 2692 times
- 2024-11-22_08h08_35.png (10.3 KiB) Viewed 2692 times
Certain EOL GeoVision devices have an OS Command Injection vulnerability due to improper
filtering of user input for specific functionalities. Unauthenticated remote attackers can exploit
this vulnerability to inject and execute arbitrary system commands on the device.
Resolution
The affected devices are no longer maintained and have reached their end of life (EOL). It is
recommended that users replace these devices with those currently offered by GeoVision to
avoid potential vulnerabilities.
If you have any questions or concerns regarding the reported vulnerability, please contact our
cybersecurity team at: security@geovision.com.tw.