CRITICAL🇵🇱 Wersja polska

CVE-2026-42370

CVSS 9.0v3.1pub. 2026-05-04upd. 2026-06-15

A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Geovision Gv Vms

    HW
    Geovision
    20
  • Geovision Gv Vms Firmware

    OS
    Geovision
    < 21.0.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2026-7372CRITICAL9.0PL ✓ten sam produkt

Stack overflow w GeoVision GV-VMS — niezautoryzowane RCE przez WebCam Server

CVE-2024-11120CRITICAL9.8⚠ KEVPL ✓ten sam vendor

OS Command Injection w urządzeniach GeoVision — zdalne wykonanie poleceń bez uwierzytelnienia

CVE-2024-6047CRITICAL9.8⚠ KEVPL ✓ten sam vendor

Command injection w urządzeniach GeoVision EOL — zdalne wykonanie poleceń

CVE-2026-42364CRITICAL9.9PL ✓ten sam vendor

Command injection w GeoVision LPC2011/LPC2211 via konfiguracja DDNS

CVE-2026-42368CRITICAL9.9PL ✓ten sam vendor

Privilege escalation w interfejsie Web GeoVision LPC2011/LPC2211