CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2024-11120

CVSS 9.8v3.1pub. 2024-11-15upd. 2025-10-30

Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports.

🤖 AI Analysis
How it works

The vulnerability results from a lack of proper input filtering of data passed to device system functions (CWE-78 — OS Command Injection). An unauthenticated attacker can remotely send a crafted request containing malicious system commands that are executed directly by the device's operating system. The lack of any authentication requirement makes the attack possible for any user with network access to the device. Active exploitation of this vulnerability has been confirmed in production environments.

Impact

An attacker can gain full control of the device by executing arbitrary system commands, threatening the confidentiality, integrity, and availability of data and the device itself. The consequence may be the incorporation of the device into a botnet or its use as an entry point for further attacks on the network.

Mitigation & patch

The manufacturer no longer issues updates for EOL devices — it is recommended to immediately isolate these devices from the public and internal network or replace them with currently supported models. Access to management interfaces should be restricted exclusively to trusted IP addresses using a firewall or VPN. Detailed recommendations are available at the addresses indicated by TWCERT and CISA.

Who is affected

GeoVision devices in EOL status (end of support): GV-VS12 (with firmware), GV-VS11 (with firmware), and GV-DSP LPR (with firmware). Specific firmware versions are indicated in the manufacturer's references.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Geovision Gv Dsp Lpr

    HW
    Geovision
    3.0
  • Geovision Gv Dsp Lpr Firmware

    OS
    Geovision
    wszystkie wersje
  • Geovision Gvlx 4

    HW
    Geovision
    2.03.0
  • Geovision Gvlx 4 Firmware

    OS
    Geovision
    wszystkie wersje
  • Geovision Gv Vs11

    HW
    Geovision
    wszystkie wersje
  • Geovision Gv Vs11 Firmware

    OS
    Geovision
    wszystkie wersje
  • Geovision Gv Vs12

    HW
    Geovision
    wszystkie wersje
  • Geovision Gv Vs12 Firmware

    OS
    Geovision
    wszystkie wersje

CISA KEV — detailsi

Vendori
GeoVision
Producti
Multiple Devices
Added to KEVi
May 7, 2025
Remediation deadline (US Federal)i
May 28, 2025(overdue)
Required action (CISA)i

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to inject and execute arbitrary system commands. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 28 maja 2025
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2024-6047CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Command injection w urządzeniach GeoVision EOL — zdalne wykonanie poleceń

CVE-2026-42370CRITICAL9.0PL ✓ten sam vendor

Stack overflow w GeoVision GV-VMS — nieuwierzytelnione RCE przez WebCam Server

CVE-2026-42364CRITICAL9.9PL ✓ten sam vendor

Command injection w GeoVision LPC2011/LPC2211 via konfiguracja DDNS

CVE-2026-42368CRITICAL9.9PL ✓ten sam vendor

Privilege escalation w interfejsie Web GeoVision LPC2011/LPC2211

CVE-2026-7161CRITICAL9.3PL ✓ten sam vendor

Wyciek poświadczeń przez słabe szyfrowanie w GeoVision GV-IP Device Utility