CVE-2026-12846
CRITICALGeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command
Title source: cnaDescription
GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with it. Upon receiving a UDP message, the server reads at most 1460 bytes into a local buffer and a pointer to the buffer is stored in a global variable: #### Net Mask field stack overflow The following code is vulnerable to a stack overflow that is attacker-controlled: v6 = strlen(g_network_config->net_mask); memcpy(&reply_buf[184], g_network_config->net_mask, v6);
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
https://www.geovision.com.tw/cyber_security.php
Third Party Advisory third-party-advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2026-2377
Scores
CVSS v3
10.0
EPSS
0.0043
EPSS Percentile
34.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-121
Status
published
Products (2)
GeoVision Inc./GV-I/O Box 4E
V2.09
GeoVision Inc./GV-I/O Box 4E
v2.12
Published
Jun 24, 2026
Tracked Since
Jun 24, 2026