Sign-up

ID

VAR-202406-0975


CVE

CVE-2024-6047


TITLE

plural  GeoVision  In the product  OS  Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2024-023897

DESCRIPTION

Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. gv-dsp lpr firmware, GV_IPCAMD_GV_BX130 firmware, GV_IPCAMD_GV_BX1500 firmware etc. GeoVision The product has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2024-6047 // JVNDB: JVNDB-2024-023897

AFFECTED PRODUCTS

vendor:geovisionmodel:gv-ebl1100scope:eqversion: -

Trust: 1.0

vendor:geovisionmodel:gv-vs2800scope:eqversion: -

Trust: 1.0

vendor:geovisionmodel:gv-cb220scope:eqversion: -

Trust: 1.0

vendor:geovisionmodel:gv-fe3401scope:eqversion: -

Trust: 1.0

vendor:geovisionmodel:gv-vs04ascope:eqversion: -

Trust: 1.0

vendor:geovisionmodel:gv-vs2410scope:eqversion: -

Trust: 1.0

vendor:geovisionmodel:gv-vs21600scope:eqversion: -

Trust: 1.0

vendor:geovisionmodel:gv-bx1500scope:eqversion: -

Trust: 1.0

vendor:geovisionmodel:gv-dsp lprscope:eqversion: -

Trust: 1.0

vendor:geovisionmodel:gv-bx130scope:eqversion: -

Trust: 1.0

vendor:geovisionmodel:gv-gm8186 vs14scope:eqversion: -

Trust: 1.0

vendor:geovisionmodel:gv-efd1100scope:eqversion: -

Trust: 1.0

vendor:geovisionmodel:gv-fd2410scope:eqversion: -

Trust: 1.0

vendor:geovisionmodel:gv-fe420scope:eqversion: -

Trust: 1.0

vendor:geovisionmodel:gv-vs2820scope:eqversion: -

Trust: 1.0

vendor:geovisionmodel:gvlx 4scope:eqversion: -

Trust: 1.0

vendor:geovisionmodel:gv-vs04hscope:eqversion: -

Trust: 1.0

vendor:geovisionmodel:gv-vs14scope:eqversion: -

Trust: 1.0

vendor:geovisionmodel:gv-fd3400scope:eqversion: -

Trust: 1.0

vendor:geovisionmodel:gv-vs03scope:eqversion: -

Trust: 1.0

vendor:geovisionmodel:gv-dsp lprscope: - version: -

Trust: 0.8

vendor:geovisionmodel:gv ipcamd gv bx1500scope: - version: -

Trust: 0.8

vendor:geovisionmodel:gv ipcamd gv fd3400scope: - version: -

Trust: 0.8

vendor:geovisionmodel:gv vs04ascope: - version: -

Trust: 0.8

vendor:geovisionmodel:gv vs04hscope: - version: -

Trust: 0.8

vendor:geovisionmodel:gv vs2410scope: - version: -

Trust: 0.8

vendor:geovisionmodel:gv vs28xxscope: - version: -

Trust: 0.8

vendor:geovisionmodel:gv vs03scope: - version: -

Trust: 0.8

vendor:geovisionmodel:gv ipcamd gv efd1100scope: - version: -

Trust: 0.8

vendor:geovisionmodel:gv ipcamd gv ebl1100scope: - version: -

Trust: 0.8

vendor:geovisionmodel:gv ipcamd gv fe420scope: - version: -

Trust: 0.8

vendor:geovisionmodel:gv vs216xxscope: - version: -

Trust: 0.8

vendor:geovisionmodel:gv ipcamd gv bx130scope: - version: -

Trust: 0.8

vendor:geovisionmodel:gvlx 4scope: - version: -

Trust: 0.8

vendor:geovisionmodel:gv ipcamd gv cb220scope: - version: -

Trust: 0.8

vendor:geovisionmodel:gv ipcamd gv fe3401scope: - version: -

Trust: 0.8

vendor:geovisionmodel:gv-vs14 vs14scope: - version: -

Trust: 0.8

vendor:geovisionmodel:gv ipcamd gv fd2410scope: - version: -

Trust: 0.8

vendor:geovisionmodel:gv gm8186 vs14scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-023897 // NVD: CVE-2024-6047

CVSS

SEVERITY

CVSSV2

CVSSV3

twcert@cert.org.tw: CVE-2024-6047
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2024-023897
value: CRITICAL

Trust: 0.8

twcert@cert.org.tw: CVE-2024-6047
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2024-023897
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-023897 // NVD: CVE-2024-6047

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:OS Command injection (CWE-78) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-023897 // NVD: CVE-2024-6047

EXTERNAL IDS

db:NVDid:CVE-2024-6047

Trust: 2.6

db:JVNDBid:JVNDB-2024-023897

Trust: 0.8

sources: JVNDB: JVNDB-2024-023897 // NVD: CVE-2024-6047

REFERENCES

url:https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html

Trust: 1.8

url:https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html

Trust: 1.8

url:https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnet

Trust: 1.8

url:https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2024-6047

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2024-6047

Trust: 0.8

url:https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Trust: 0.8

sources: JVNDB: JVNDB-2024-023897 // NVD: CVE-2024-6047

SOURCES

db:JVNDBid:JVNDB-2024-023897
db:NVDid:CVE-2024-6047

LAST UPDATE DATE

2025-11-18T15:30:25.488000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2024-023897date:2025-05-16T07:47:00
db:NVDid:CVE-2024-6047date:2025-10-30T19:23:34.360

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2024-023897date:2025-05-16T00:00:00
db:NVDid:CVE-2024-6047date:2024-06-17T06:15:09.237