CVE-2018-25118

🗓️ 20 Oct 2025 21:14:41Reported by VulnCheckType

GeoVision devices allow remote command execution via PictureCatch.cgi on GV-BX1500 and GV-MFD1501.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2018-25118	20 Oct 202522:01	–	circl
CNNVD	GeoVision GV-BX1500和GeoVision GV-MFD1501 安全漏洞	20 Oct 202500:00	–	cnnvd
Cvelist	CVE-2018-25118 GeoVision Command Injection RCE via /PictureCatch.cgi	20 Oct 202521:14	–	cvelist
EUVD	EUVD-2018-21605	21 Oct 202500:30	–	euvd
NVD	CVE-2018-25118	20 Oct 202522:15	–	nvd
OpenVAS	Geovision Inc. IP Camera Multiple Vulnerabilities	8 Feb 201800:00	–	openvas
RedhatCVE	CVE-2018-25118	21 Oct 202521:29	–	redhatcve
VulnCheck KEV	VulnCheck KEV: CVE-2018-25118	20 Oct 202500:00	–	vulncheck_kev
Vulnrichment	CVE-2018-25118 GeoVision Command Injection RCE via /PictureCatch.cgi	20 Oct 202521:14	–	vulnrichment

CNA

Node

geovision gv-bx1500_firmwareMatch-

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "GeoVision web services (PictureCatch.cgi)"
    ],
    "product": "GV-BX1500",
    "vendor": "GeoVision Inc.",
    "versions": [
      {
        "lessThan": "November/December 2017 firmware",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "modules": [
      "GeoVision web services (PictureCatch.cgi)"
    ],
    "product": "GV-MFD1501",
    "vendor": "GeoVision Inc.",
    "versions": [
      {
        "lessThan": "November/December 2017 firmware",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "modules": [
      "GeoVision web services (PictureCatch.cgi)"
    ],
    "product": "GeoVision embedded IP devices",
    "vendor": "GeoVision Inc.",
    "versions": [
      {
        "lessThan": "November/December 2017 firmware",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
exploit-db	www.exploit-db.com/exploits/43982
github	www.github.com/mcw0/PoC/blob/fb06efe05b7e240dc88ff31eb30e1ef345509dce/Geovision-PoC.py
vulncheck	www.vulncheck.com/advisories/geovision-command-injection-rce-picture-catch-cgi
cisa	www.cisa.gov/news-events/cybersecurity-advisories/aa24-249a
geovision	www.geovision.com.tw/blog/

15 Apr 2026 00:35Current

8High risk

Vulners AI Score8

CVSS 410

EPSS0.00599

SSVC