← Retour aux CVEs
CVE-2026-42370
CRITICAL9.0
Description
A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.
Details CVE
Score CVSS v3.19.0
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteHIGH
Privileges requisNONE
Interaction utilisateurNONE
Publie5/4/2026
Derniere modification5/5/2026
Sourcenvd
Observations honeypot0
Produits affectes
geovision:gv-vmsgeovision:gv-vms_firmware
Faiblesses (CWE)
CWE-787
References
https://talosintelligence.com/vulnerability_reports/(0df08a0e-a200-4957-9bb0-084f562506f9)
https://www.geovision.com.tw/cyber_security.php(0df08a0e-a200-4957-9bb0-084f562506f9)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.