KEVIntel

Vulnerability detail

Enriched intelligence for a single CVE

Back to KEVs

9.8

CVSS
Critical

CVE-2024-11120

PUBLISHED

GeoVision EOL devices - OS Command Injection

Exploited in the wild Remote Low complexity No user interaction

Vendor: GeoVision
Product: GV-VS12, GV-VS11, GV-DSP_LPR_V3, GVLX 4 V2, GVLX 4 V3
Published: Nov 15, 2024
EPSS: 66.1% · 99% pctl

Description

Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports.

cisa

CVSS scores

CVSS v3.1 9.8 Critical

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation status

Exploited in the wild

Recorded 2025-05-07 06:18:12 UTC · Source

SSVC decision points

Exploitation: active
Automatable: Yes
Technical impact: total

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
CVE	May 07, 2025
CISA	Jun 02, 2026

Timeline

CVE ID Reserved

November 12, 2024
CVE Published to Public

November 15, 2024
Added to KEVIntel

May 07, 2025
Added to KEVIntel

June 02, 2026