ГлавнаяУязвимости → CVE-2024-6047
9.8критическая

CVE-2024-6047

Описание

Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.

Затрагиваемое ПО
Geovision Gv-dsp lpr firmwareGeovision Gv-dsp lprGeovision Gv-bx130 firmwareGeovision Gv-bx130Geovision Gv-bx1500 firmwareGeovision Gv-bx1500Geovision Gv-cb220 firmwareGeovision Gv-cb220Geovision Gv-ebl1100 firmwareGeovision Gv-ebl1100Geovision Gv-efd1100 firmwareGeovision Gv-efd1100Geovision Gv-fd2410 firmwareGeovision Gv-fd2410Geovision Gv-fd3400 firmwareGeovision Gv-fd3400Geovision Gv-fe3401 firmwareGeovision Gv-fe3401Geovision Gv-fe420 firmwareGeovision Gv-fe420Geovision Gv-gm8186 vs14 firmwareGeovision Gv-gm8186 vs14Geovision Gv-vs14 firmwareGeovision Gv-vs14Geovision Gv-vs03 firmware
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.htmlhttps://www.twcert.org.tw/tw/cp-132-7883-f5635-1.htmlhttps://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.htmlhttps://www.twcert.org.tw/tw/cp-132-7883-f5635-1.htmlhttps://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnethttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-6047