KEVIntel

Vulnerability detail

Enriched intelligence for a single CVE

Back to KEVs

9.8

CVSS
Critical

CVE-2024-6047

PUBLISHED

GeoVision EOL device - OS Command Injection

Exploited in the wild Remote Low complexity No user interaction

Vendor: GeoVision
Product: GV_DSP_LPR_V2, GV_IPCAMD_GV_BX1500, GV_IPCAMD_GV_CB220, GV_IPCAMD_GV_EBL1100, GV_IPCAMD_GV_EFD1100, GV_IPCAMD_GV_FD2410, GV_IPCAMD_GV_FD3400, GV_IPCAMD_GV_FE3401, GV_IPCAMD_GV_FE420, GV-VS14_VS14, GV_VS03, GV_VS2410, GV_VS28XX, GV_VS216XX, GV VS04A, GV VS04H, GVLX 4 V2, GVLX 4 V3, GV_IPCAMD_GV_BX130, GV_GM8186_VS14
Published: Jun 17, 2024
EPSS: 73.0% · 99% pctl

Description

Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.

cisa

CVSS scores

CVSS v3.1 9.8 Critical

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation status

Exploited in the wild

Recorded 2025-05-07 06:18:12 UTC · Source

SSVC decision points

Exploitation: active
Automatable: Yes
Technical impact: total

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
CVE	May 07, 2025
CISA	Jun 02, 2026

Timeline

CVE ID Reserved

June 17, 2024
CVE Published to Public

June 17, 2024
Added to KEVIntel

May 07, 2025
Added to KEVIntel

June 02, 2026