CVE-2024-6047

CRITICAL KEV

Geovision Gv-dsp Lpr Firmware - OS Command Injection

Title source: rule

Description

Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.

References (4)

[Third Party Advisory] https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html

[Third Party Advisory] https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html

[Exploit, Third Party Advisory] https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnet

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-6047

Scores

CVSS v3 9.8

EPSS 0.7297

EPSS Percentile 98.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2025-05-07

VulnCheck KEV 2024-09-04

ENISA EUVD EUVD-2024-47205

CWE

CWE-78

Status published

Products (20)

geovision/gv-bx130_firmware

geovision/gv-bx1500_firmware

geovision/gv-cb220_firmware

geovision/gv-dsp_lpr_firmware

geovision/gv-ebl1100_firmware

geovision/gv-efd1100_firmware

geovision/gv-fd2410_firmware

geovision/gv-fd3400_firmware

geovision/gv-fe3401_firmware

geovision/gv-fe420_firmware

... and 10 more

Published Jun 17, 2024

KEV Added May 07, 2025

Tracked Since Feb 18, 2026