ГлавнаяУязвимости → CVE-2024-11120
9.8критическая

CVE-2024-11120

→ есть в БДУ: BDU:2024-09799 (на русском)
Описание (на английском; русское — в БДУ выше)

Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports.

Затрагиваемое ПО
Geovision Gv-vs12 firmwareGeovision Gv-vs12Geovision Gv-vs11 firmwareGeovision Gv-vs11Geovision Gv-dsp lpr firmwareGeovision Gv-dsp lprGeovision Gvlx 4 firmwareGeovision Gvlx 4
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://www.twcert.org.tw/en/cp-139-8237-26d7a-2.htmlhttps://www.twcert.org.tw/tw/cp-132-8236-d4836-1.htmlhttps://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnethttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-11120