← Volver a CVEs
CVE-2026-42370
CRITICAL9.0
Descripcion
A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.
Detalles CVE
Puntuacion CVSS v3.19.0
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadHIGH
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado5/4/2026
Ultima modificacion5/5/2026
Fuentenvd
Avistamientos honeypot0
Productos afectados
geovision:gv-vmsgeovision:gv-vms_firmware
Debilidades (CWE)
CWE-787
Referencias
https://talosintelligence.com/vulnerability_reports/(0df08a0e-a200-4957-9bb0-084f562506f9)
https://www.geovision.com.tw/cyber_security.php(0df08a0e-a200-4957-9bb0-084f562506f9)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.