← Back to CVEs
CVE-2026-42370
CRITICAL9.0
Description
A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.
CVE Details
CVSS v3.1 Score9.0
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityHIGH
Privileges RequiredNONE
User InteractionNONE
Published5/4/2026
Last Modified5/5/2026
Sourcenvd
Honeypot Sightings0
Affected Products
geovision:gv-vmsgeovision:gv-vms_firmware
Weaknesses (CWE)
CWE-787
References
https://talosintelligence.com/vulnerability_reports/(0df08a0e-a200-4957-9bb0-084f562506f9)
https://www.geovision.com.tw/cyber_security.php(0df08a0e-a200-4957-9bb0-084f562506f9)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.