Lucene search
K

23 matches found

NVD
NVD
added 2026/07/02 4:17 a.m.7 views

CVE-2026-57277

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.3CVSS0.0028EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 8:16 a.m.10 views

CVE-2026-57875

An unauthenticated NULL pointer dereference vulnerability exists in the HTTP request parsing logic of multiple CGI components in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of required HTTP request metadata before it is used by the...

7.5CVSS0.01266EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 7:17 a.m.20 views

CVE-2026-57881

CVE-2026-57881 refers to an unauthenticated, stack-based buffer overflow in GeoVision’s vlsvr used by GV-LPC2011/LPC2211 (V1.12 and earlier). The issue stems from insufficient length validation when processing remote login data, allowing a remote attacker to send crafted input that may cause memo...

9.8CVSS6.2AI score0.00376EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 7:17 a.m.37 views

CVE-2026-57879 GV-LPC2011/LPC2211 - unauthorized buffer overflow via AuthMode/AuthValue path (ssvr)

An unauthenticated stack-based buffer overflow vulnerability exists in ssvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing RTSP custom authentication data. A remote attacker may exploit this vulnerability by...

9.8CVSS0.0053EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 7:17 a.m.18 views

CVE-2026-57879

CVE-2026-57879 is an unauthenticated, stack-based buffer overflow in the ssvr component of GeoVision GV-LPC2011 and GV-LPC2211 (versions 1.12 and earlier). The issue stems from insufficient bounds checking when processing RTSP custom authentication data. An attacker could send a crafted RTSP requ...

9.8CVSS6.1AI score0.0053EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 7:17 a.m.39 views

CVE-2026-57878 GV-LPC2011/LPC2211 - unauthorized buffer overflow vulnerability (thttpd)

An unauthenticated stack-based buffer overflow vulnerability exists in thttpd in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing web request parameters in a specific request path. A remote attacker may exploit this...

9.8CVSS0.00531EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 7:17 a.m.21 views

CVE-2026-57877

Geovision GV-LPC2011/LPC2211 devices running vlsvr (affected firmware V1.12 and earlier) expose an unauthenticated format-string vulnerability in log message handling during login. The issue arises from improper handling of externally controlled input in the login processing path, potentially all...

8.6CVSS5.8AI score0.00247EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 3:40 a.m.9 views

CVE-2026-12851

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. libNetSetObj.so is an internal library...

9.1CVSS5.9AI score0.01684EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/24 3:40 a.m.34 views

CVE-2026-12850 GeoVision GV-I/O Box 4E libNetSetObj.so OS command injection vulnerability

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. libNetSetObj.so is an internal library...

9.1CVSS0.0172EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 3:40 a.m.9 views

CVE-2026-12486

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. libNetSetObj.so is an internal library...

9.1CVSS5.9AI score0.0172EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/24 3:40 a.m.34 views

CVE-2026-12486 GeoVision GV-I/O Box 4E libNetSetObj.so OS command injection vulnerability

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. libNetSetObj.so is an internal library...

9.1CVSS0.0172EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 3:34 a.m.15 views

CVE-2026-12847

GV-I/O Box 4E DVRSearch CMD_IP_SET buffer overflow vulnerabilities (CVE-2026-12847) affect GV-I/O Box 4E (version 2.09). The issues involve attacker-controlled fields (gateway, IP, net mask, DNS) in UDP-based DVRSearch handling on port 10001, leading to stack-based buffer overflows and potential ...

10CVSS6.2AI score0.00427EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 3:34 a.m.33 views

CVE-2026-12485 GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command

GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with i...

10CVSS0.00436EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 3:34 a.m.9 views

EUVD-2026-38645

A memory corruption vulnerability exists in the GV-Cloud functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted network request can lead to a denial of service. An attacker can impersonate the legitimate server to trigger this vulnerability...

6.2CVSS5.9AI score0.00197EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 3:34 a.m.8 views

CVE-2026-12488

A memory corruption vulnerability exists in the GV-Cloud functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted network request can lead to a denial of service. An attacker can impersonate the legitimate server to trigger this vulnerability...

6.2CVSS5.9AI score0.00197EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/04 12:43 a.m.2 views

CVE-2026-42367

A privilege escalation vulnerability exists in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to credentials leak. An attacker can visit a webpage to trigger this vulnerability...

6.5CVSS5.8AI score0.00271EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/05/04 12:42 a.m.9 views

EUVD-2026-26857

Multiple reflected cross-site scripting xss vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerabili...

7.4CVSS5.9AI score0.00196EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/04 12:39 a.m.9 views

CVE-2026-7161

An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When interacting with variou...

9.3CVSS5.8AI score0.00214EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/26 12:0 a.m.9 views

PT-2026-35277

Name of the Vulnerable Software and Affected Versions GeoVision GV-IP Device Utility version 9.0.5 Description Insufficient encryption in the Device Authentication functionality allows for the leakage of administrator credentials. When the utility sends privileged commands to devices over UDP...

9.3CVSS5.4AI score0.00186EPSS
Exploits0References14
RedhatCVE
RedhatCVE
added 2026/01/16 11:31 p.m.5 views

CVE-2021-47795

GeoVision GeoWebServer 5.3.3 contains multiple vulnerabilities including local file inclusion, cross-site scripting, and remote code execution through improper input sanitization. Attackers can exploit the WebStrings.srf endpoint by manipulating path traversal and injection parameters to access...

8.7CVSS8.4AI score0.00876EPSS
Exploits0References1
Rows per page
Query Builder