CVE-2026-12847

CRITICAL

GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command

Title source: cna
STIX 2.1

Description

GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with it. Upon receiving a UDP message, the server reads at most 1460 bytes into a local buffer and a pointer to the buffer is stored in a global variable: #### Gateway field stack overflow The following code is vulnerable to a stack overflow that is attacker-controlled: v7 = strlen(g_network_config->gateway); memcpy(&reply_buf[216], g_network_config->gateway, v7);

References (2)

Core 2
Core References
Vendor Advisory vendor-advisory
https://www.geovision.com.tw/cyber_security.php

Scores

CVSS v3 10.0
EPSS 0.0043
EPSS Percentile 34.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-121
Status published
Products (2)
GeoVision Inc./GV-I/O Box 4E V2.09
GeoVision Inc./GV-I/O Box 4E v2.12
Published Jun 24, 2026
Tracked Since Jun 24, 2026