CVE-2024-6047 — CRITICAL (9.8)

Vulnerability Description

Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Geovision	Gv-Dsp Lpr Firmware	-
Geovision	Gv-Dsp Lpr	2.0
Geovision	Gv-Bx130 Firmware	-
Geovision	Gv-Bx130	-
Geovision	Gv-Bx1500 Firmware	-
Geovision	Gv-Bx1500	-
Geovision	Gv-Cb220 Firmware	-
Geovision	Gv-Cb220	-
Geovision	Gv-Ebl1100 Firmware	-
Geovision	Gv-Ebl1100	-
Geovision	Gv-Efd1100 Firmware	-
Geovision	Gv-Efd1100	-
Geovision	Gv-Fd2410 Firmware	-
Geovision	Gv-Fd2410	-
Geovision	Gv-Fd3400 Firmware	-
Geovision	Gv-Fd3400	-
Geovision	Gv-Fe3401 Firmware	-
Geovision	Gv-Fe3401	-
Geovision	Gv-Fe420 Firmware	-
Geovision	Gv-Fe420	-

Related Weaknesses (CWE)

CWE-78

References

https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.htmlThird Party Advisory
https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.htmlThird Party Advisory
https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.htmlThird Party Advisory
https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.htmlThird Party Advisory
https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovisioExploitThird Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-US Government Resource

FAQ

What is CVE-2024-6047?

CVE-2024-6047 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system ...

How severe is CVE-2024-6047?

CVE-2024-6047 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2024-6047?

Check the references section above for vendor advisories and patch information. Affected products include: Geovision Gv-Dsp Lpr Firmware, Geovision Gv-Dsp Lpr, Geovision Gv-Bx130 Firmware, Geovision Gv-Bx130, Geovision Gv-Bx1500 Firmware.