CVE-2024-6047

Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.

CVSS

No CVSS.

References

Link	Resource
https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnet	Exploit Third Party Advisory
https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html	Third Party Advisory
https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html	Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html	Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:geovision:gv-dsp_lpr_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:geovision:gv-dsp_lpr:2.0:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:geovision:gv_ipcamd_gv_bx130_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:geovision:gv_ipcamd_gv_bx130:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:geovision:gv_ipcamd_gv_bx1500_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:geovision:gv_ipcamd_gv_bx1500:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:geovision:gv_ipcamd_gv_cb220_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:geovision:gv_ipcamd_gv_cb220:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:geovision:gv_ipcamd_gv_ebl1100_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:geovision:gv_ipcamd_gv_ebl1100:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:geovision:gv_ipcamd_gv_efd1100_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:geovision:gv_ipcamd_gv_efd1100:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:geovision:gv_ipcamd_gv_fd2410_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:geovision:gv_ipcamd_gv_fd2410:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:geovision:gv_ipcamd_gv_fd3400_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:geovision:gv_ipcamd_gv_fd3400:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:geovision:gv_ipcamd_gv_fe3401_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:geovision:gv_ipcamd_gv_fe3401:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:geovision:gv_ipcamd_gv_fe420_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:geovision:gv_ipcamd_gv_fe420:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:geovision:gv_gm8186_vs14_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:geovision:gv_gm8186_vs14:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:geovision:gv-vs14_vs14_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:geovision:gv-vs14_vs14:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:geovision:gv_vs03_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:geovision:gv_vs03:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:geovision:gv_vs2410_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:geovision:gv_vs2410:-:*:*:*:*:*:*:*

Configuration 15 (hide)

cpe:2.3:o:geovision:gv_vs28xx_firmware:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:geovision:gv_vs216xx_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:geovision:gv_vs216xx:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:geovision:gv_vs04a_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:geovision:gv_vs04a:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:geovision:gv_vs04h_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:geovision:gv_vs04h:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:geovision:gvlx_4_firmware:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:geovision:gvlx_4:2.0:::::::*
	cpe:2.3:h:geovision:gvlx_4:3.0:::::::*

History

09 May 2025, 14:23

Type	Values Removed	Values Added
CPE		cpe:2.3:h:geovision:gvlx_4:2.0:::::::* cpe:2.3:h:geovision:gv_ipcamd_gv_fd2410:-:::::::* cpe:2.3:o:geovision:gv_ipcamd_gv_fe420_firmware:-:::::::* cpe:2.3:h:geovision:gv_vs2410:-:::::::* cpe:2.3:o:geovision:gv_ipcamd_gv_fd3400_firmware:-:::::::* cpe:2.3:h:geovision:gv_vs04h:-:::::::* cpe:2.3:h:geovision:gv_ipcamd_gv_ebl1100:-:::::::* cpe:2.3:o:geovision:gvlx_4_firmware:-:::::::* cpe:2.3:o:geovision:gv_ipcamd_gv_fe3401_firmware:-:::::::* cpe:2.3:h:geovision:gv_ipcamd_gv_fe3401:-:::::::* cpe:2.3:h:geovision:gv_ipcamd_gv_fd3400:-:::::::* cpe:2.3:o:geovision:gv-vs14_vs14_firmware:-:::::::* cpe:2.3:o:geovision:gv_vs04a_firmware:-:::::::* cpe:2.3:h:geovision:gv_gm8186_vs14:-:::::::* cpe:2.3:o:geovision:gv_vs28xx_firmware:-:::::::* cpe:2.3:h:geovision:gv_vs04a:-:::::::* cpe:2.3:h:geovision:gv-vs14_vs14:-:::::::* cpe:2.3:o:geovision:gv_vs216xx_firmware:-:::::::* cpe:2.3:o:geovision:gv_ipcamd_gv_fd2410_firmware:-:::::::* cpe:2.3:h:geovision:gv_vs03:-:::::::* cpe:2.3:o:geovision:gv_ipcamd_gv_cb220_firmware:-:::::::* cpe:2.3:h:geovision:gv_ipcamd_gv_cb220:-:::::::* cpe:2.3:h:geovision:gv_ipcamd_gv_fe420:-:::::::* cpe:2.3:o:geovision:gv-dsp_lpr_firmware:-:::::::* cpe:2.3:o:geovision:gv_vs04h_firmware:-:::::::* cpe:2.3:o:geovision:gv_ipcamd_gv_efd1100_firmware:-:::::::* cpe:2.3:h:geovision:gv_ipcamd_gv_bx1500:-:::::::* cpe:2.3:o:geovision:gv_gm8186_vs14_firmware:-:::::::* cpe:2.3:h:geovision:gv_vs216xx:-:::::::* cpe:2.3:o:geovision:gv_ipcamd_gv_ebl1100_firmware:-:::::::* cpe:2.3:o:geovision:gv_ipcamd_gv_bx130_firmware:-:::::::* cpe:2.3:h:geovision:gv-dsp_lpr:2.0:::::::* cpe:2.3:o:geovision:gv_vs2410_firmware:-:::::::* cpe:2.3:o:geovision:gv_ipcamd_gv_bx1500_firmware:-:::::::* cpe:2.3:h:geovision:gv_ipcamd_gv_efd1100:-:::::::* cpe:2.3:o:geovision:gv_vs03_firmware:-:::::::* cpe:2.3:h:geovision:gvlx_4:3.0:::::::* cpe:2.3:h:geovision:gv_ipcamd_gv_bx130:-:::::::*
References	~~() https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html -~~	() https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html - Third Party Advisory
References	~~() https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html -~~	() https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html - Third Party Advisory
References	~~() https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnet -~~	() https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnet - Exploit, Third Party Advisory
First Time		Geovision gv Vs28xx Firmware Geovision gv Ipcamd Gv Bx130 Geovision gv Ipcamd Gv Fe3401 Firmware Geovision gv-vs14 Vs14 Geovision Geovision gv Vs216xx Geovision gv Ipcamd Gv Bx1500 Firmware Geovision gv Ipcamd Gv Fd2410 Geovision gv-dsp Lpr Firmware Geovision gv Ipcamd Gv Cb220 Firmware Geovision gv Vs04h Geovision gv Vs03 Firmware Geovision gv Ipcamd Gv Fe420 Firmware Geovision gv Vs2410 Geovision gv Ipcamd Gv Fe3401 Geovision gv Ipcamd Gv Cb220 Geovision gv-dsp Lpr Geovision gv Ipcamd Gv Fe420 Geovision gv Ipcamd Gv Fd2410 Firmware Geovision gv Ipcamd Gv Bx1500 Geovision gv Ipcamd Gv Fd3400 Geovision gv Vs216xx Firmware Geovision gv Ipcamd Gv Ebl1100 Geovision gv Ipcamd Gv Efd1100 Geovision gv Vs04a Firmware Geovision gv Vs03 Geovision gv Ipcamd Gv Bx130 Firmware Geovision gv Gm8186 Vs14 Geovision gv-vs14 Vs14 Firmware Geovision gv Vs2410 Firmware Geovision gv Ipcamd Gv Efd1100 Firmware Geovision gv Vs04h Firmware Geovision gv Gm8186 Vs14 Firmware Geovision gv Ipcamd Gv Fd3400 Firmware Geovision gv Ipcamd Gv Ebl1100 Firmware Geovision gvlx 4 Firmware Geovision gv Vs04a Geovision gvlx 4

07 May 2025, 14:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~9.8~~	v2 : unknown v3 : unknown
CWE	~~CWE-78~~
References		() https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnet -

17 Jun 2024, 06:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-06-17 06:15

Updated : 2025-05-09 14:23

NVD link : CVE-2024-6047

Mitre link : CVE-2024-6047

JSON object : View

Products Affected

geovision

gv-vs14_vs14
gv_ipcamd_gv_bx1500_firmware
gv_ipcamd_gv_cb220_firmware
gv_ipcamd_gv_fe420
gv_ipcamd_gv_fd3400
gv_ipcamd_gv_efd1100
gv_ipcamd_gv_fd2410
gv_vs28xx_firmware
gv_vs04h_firmware
gv_ipcamd_gv_cb220
gv_ipcamd_gv_fe420_firmware
gv-dsp_lpr_firmware
gv_gm8186_vs14_firmware
gv_vs04h
gv_ipcamd_gv_bx130
gv_ipcamd_gv_fd3400_firmware
gv_vs03
gv_vs216xx_firmware
gv_ipcamd_gv_efd1100_firmware
gv_ipcamd_gv_ebl1100
gv_ipcamd_gv_fe3401
gv-vs14_vs14_firmware
gvlx_4_firmware
gv_ipcamd_gv_ebl1100_firmware
gv_ipcamd_gv_fd2410_firmware
gvlx_4
gv_vs04a
gv_vs03_firmware
gv_vs216xx
gv_vs2410
gv_gm8186_vs14
gv-dsp_lpr
gv_ipcamd_gv_bx1500
gv_ipcamd_gv_fe3401_firmware
gv_ipcamd_gv_bx130_firmware
gv_vs2410_firmware
gv_vs04a_firmware

CWE

No CWE.

JSON object

Attach tags to CVE-2024-6047

Attach tags to `CVE-2024-6047`