Lucene search
K

25 matches found

EUVD
EUVD
added 5 days ago6 views

EUVD-2026-39632

An unauthenticated out-of-bounds write vulnerability exists in onvif.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing HTTP request body data. A remote attacker may exploit this vulnerability by sending a...

7.5CVSS5.8AI score0.00313EPSS
Exploits0References1
CVE
CVE
added 5 days ago9 views

CVE-2026-57874

The CVE-2026-57874 entry describes an unauthenticated buffer overflow in GeoVision devices (GV-LPC2011 and GV-LPC2211; affected firmware V1.12 and earlier) via IEEE8021x_upload.cgi. The issue stems from insufficient bounds checking when parsing filename values in multipart upload data, enabling a...

7.5CVSS5.9AI score0.00318EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 5:17 a.m.8 views

CVE-2026-12850

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. libNetSetObj.so is an internal library...

9.1CVSS0.0172EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 3:40 a.m.7 views

EUVD-2026-38653

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. libNetSetObj.so is an internal library...

9.1CVSS5.9AI score0.01684EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 3:40 a.m.32 views

CVE-2026-12851 GeoVision GV-I/O Box 4E libNetSetObj.so OS command injection vulnerability

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. libNetSetObj.so is an internal library...

9.1CVSS0.01684EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 3:40 a.m.7 views

EUVD-2026-38652

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. libNetSetObj.so is an internal library...

9.1CVSS5.9AI score0.0172EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 3:40 a.m.12 views

CVE-2026-12850

CVE-2026-12850 affects GeoVision GV-I/O Box 4E (version 2.09) via the internal library libNetSetObj.so . The CVE documents multiple OS command injection vulnerabilities, notably in CNetSetObj::m_F_n_Set_Gate_way (and related IP, NetMask, DNS, and gateway setters). The vulnerable functions take at...

9.1CVSS5.9AI score0.0172EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 3:40 a.m.7 views

EUVD-2026-38651

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. libNetSetObj.so is an internal library...

9.1CVSS5.9AI score0.01684EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 3:40 a.m.34 views

CVE-2026-12849 GeoVision GV-I/O Box 4E libNetSetObj.so OS command injection vulnerability

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. libNetSetObj.so is an internal library...

9.1CVSS0.01684EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 3:40 a.m.9 views

EUVD-2026-38650

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. libNetSetObj.so is an internal library...

9.1CVSS5.9AI score0.0172EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 3:34 a.m.33 views

CVE-2026-12847 GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command

GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with i...

10CVSS0.00427EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 3:34 a.m.8 views

CVE-2026-12846

CVE-2026-12846 affects GV-I/O Box 4E (DVRSearch CMD_IP_SET buffer overflow). Connected sources confirm multiple attacker-controlled overflows in CMD_IP_SET (e.g., Net Mask field, IP field, Gateway, DNS) via UDP on port 10001, enabling arbitrary code execution on vulnerable versions (notably GV-I/...

10CVSS6.2AI score0.00427EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51655

Name of the Vulnerable Software and Affected Versions GeoVision GV-I/O Box 4E version 2.09 Description Multiple OS command injection issues exist within the libNetSetObj.so internal library, which is used to configure the network stack. A remote attacker can execute arbitrary commands by sending ...

9.1CVSS6.1AI score0.0172EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51662

Name of the Vulnerable Software and Affected Versions GeoVision GV-I/O Box 4E version 2.09 Description OS command injection flaws exist in the libNetSetObj.so internal library, which is used to configure the network stack. A remote attacker can execute arbitrary commands by sending a specially...

9.1CVSS6.1AI score0.01684EPSS
Exploits0References6
Talos
Talos
added 2026/06/15 12:0 a.m.6 views

GeoVision GV-IP Device Utility Device Authentication insufficient encryption vulnerability

Summary A insufficient encryption vulnerability exists in the Device Authentication functionality of GV-IP Device Utility versions: 9.0.5. A specially crafted network sniffing can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. Confirmed...

9.3CVSS5.6AI score0.00214EPSS
Exploits0
Talos
Talos
added 2026/06/15 12:0 a.m.6 views

GeoVision LPC2011/LPC2211 Web Interface guessable session cookie vulnerability

Summary A guessable session cookie vulnerability exists in the Web Interface functionality of LPC2011/LPC2211 versions: 1.10. A specially crafted series of HTTP requests can lead to an authentication bypas. An attacker can bruteforce session cookies to trigger this vulnerability. Confirmed...

8.6CVSS5.5AI score0.00329EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.8 views

CVE-2026-42363

An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When interacting with variou...

9.3CVSS5.6AI score0.00186EPSS
Exploits0References1
NVD
NVD
added 2026/05/04 1:16 a.m.19 views

CVE-2026-42366

Multiple reflected cross-site scripting xss vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerabili...

7.4CVSS0.00196EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/04 12:39 a.m.4 views

CVE-2026-7161 GeoVision GV-IP Device Utility Device Authentication insufficient encryption vulnerability

An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When interacting with variou...

9.3CVSS5.8AI score0.00214EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/04 12:39 a.m.24 views

EUVD-2026-26862

An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When interacting with variou...

9.3CVSS5.8AI score0.00214EPSS
Exploits0References2
Rows per page
Query Builder