TROYANOSYVIRUS
Voltar para CVEs

CVE-2024-6047

CRITICALCISA KEV
9.8

Descricao

Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.

Detalhes CVE

Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado6/17/2024
Ultima modificacao10/30/2025
Fontekev
Avistamentos honeypot0

CISA KEV

FornecedorGeoVision
ProdutoMultiple Devices
Nome da vulnerabilidadeGeoVision Devices OS Command Injection Vulnerability
Data inclusao KEV2025-05-07
Prazo de remediacao2025-05-28
Uso em ransomwareUnknown

Produtos afetados

geovision:gv-bx130geovision:gv-bx130_firmwaregeovision:gv-bx1500geovision:gv-bx1500_firmwaregeovision:gv-cb220geovision:gv-cb220_firmwaregeovision:gv-dsp_lprgeovision:gv-dsp_lpr_firmwaregeovision:gv-ebl1100geovision:gv-ebl1100_firmwaregeovision:gv-efd1100geovision:gv-efd1100_firmwaregeovision:gv-fd2410geovision:gv-fd2410_firmwaregeovision:gv-fd3400geovision:gv-fd3400_firmwaregeovision:gv-fe3401geovision:gv-fe3401_firmwaregeovision:gv-fe420geovision:gv-fe420_firmwaregeovision:gv-gm8186_vs14geovision:gv-gm8186_vs14_firmwaregeovision:gv-vs03geovision:gv-vs03_firmwaregeovision:gv-vs04ageovision:gv-vs04a_firmwaregeovision:gv-vs04hgeovision:gv-vs04h_firmwaregeovision:gv-vs14geovision:gv-vs14_firmwaregeovision:gv-vs21600geovision:gv-vs21600_firmwaregeovision:gv-vs2410geovision:gv-vs2410_firmwaregeovision:gv-vs2800geovision:gv-vs2800_firmwaregeovision:gv-vs2820geovision:gv-vs2820_firmwaregeovision:gvlx_4geovision:gvlx_4_firmware

Fraquezas (CWE)

CWE-78

Referencias

https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html(twcert@cert.org.tw)
https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html(twcert@cert.org.tw)
https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnet(134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-6047(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.