CVE-2024-11120

216.73.216.233

· Published 15/11/2024 02:15 · Modified 05/12/2024 15:30

Labels: CVE-2024-11120 2024-11-15 CVE-2024-11120 CWE-78 [email protected]

Essential information

Published: 15/11/2024 02:15
Modified: 05/12/2024 15:30
Author: —
Creator: —
CVSS: 9.8 CRITICAL (v3.1)
CISA KEV: No
CWE: —
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports.

NVD status

Status: Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
geovision / gv-vs12 firmware	`cpe:2.3:o:geovision:gv-vs12_firmware:-:::::::*`
geovision / gv-vs12	`cpe:2.3:h:geovision:gv-vs12:-:::::::*`
geovision / gv-vs11 firmware	`cpe:2.3:o:geovision:gv-vs11_firmware:-:::::::*`
geovision / gv-vs11	`cpe:2.3:h:geovision:gv-vs11:-:::::::*`
geovision / gv-dsp lpr firmware	`cpe:2.3:o:geovision:gv-dsp_lpr_firmware:-:::::::*`
geovision / gv-dsp lpr	`cpe:2.3:h:geovision:gv-dsp_lpr:3.0:::::::*`
geovision / gvlx 4 firmware	`cpe:2.3:o:geovision:gvlx_4_firmware:-:::::::*`
geovision / gvlx 4	`cpe:2.3:h:geovision:gvlx_4:2.0:::::::*`
geovision / gvlx 4 firmware	`cpe:2.3:o:geovision:gvlx_4_firmware:-:::::::*`
geovision / gvlx 4	`cpe:2.3:h:geovision:gvlx_4:3.0:::::::*`