CVE-2024-11120
CRITICAL KEVGeoVision EOL Devices - Unauthenticated OS Command Injection
Title source: llmExploitation Summary
CVE-2024-11120 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added May 7, 2025.
Description
Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports.
References (4)
Core 4
Core References
Exploit, Third Party Advisory
https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnet
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-11120
Third Party Advisory third-party-advisory
https://www.twcert.org.tw/tw/cp-132-8236-d4836-1.html
Third Party Advisory third-party-advisory
https://www.twcert.org.tw/en/cp-139-8237-26d7a-2.html
Scores
CVSS v3
9.8
EPSS
0.6614
EPSS Percentile
98.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
yes
Technical Impact
total
Details
CISA KEV
2025-05-07
VulnCheck KEV
2024-11-15
ENISA EUVD
EUVD-2024-33664
CWE
CWE-78
Status
published
Products (4)
geovision/gv-dsp_lpr_firmware
geovision/gv-vs11_firmware
geovision/gv-vs12_firmware
geovision/gvlx_4_firmware
Published
Nov 15, 2024
KEV Added
May 07, 2025
Tracked Since
Feb 18, 2026