geovision CVE 脆弱性と CVE 一覧(28)

製品(CPE): — CVE 件数: 28

geovision 脆弱性概要

geovision 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。

過去の問題は主に パス処理の欠陥 and vendor risk cross-site scripting などに関し、一部は ファイル上書き を招き、vendor surface software deployment and vendor surface production workloads 関連の場面に影響します。

掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。

脆弱性分布の推移(直近24か月)

表示中 120 / 28 CVE 件数
«« 先頭 « 前へ 1 / 2 次へ »
CVE 概要 ソース CVSS 最大値 EPSS(%) 公開 更新
CVE-2026-7372 A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. #### Stack-overflow via unconstrained sscanf The call to `sscanf` at [1] to split the `Buffer` variable into the `username` and `password` variables doesn't limit the size of the extracted content to match the destination buffers 0df08a0e-a200-4957-9bb0-084f562506f9 9.0 0.46% 2026-05-03 2026-06-17
CVE-2026-7371 Multiple reflected cross-site scripting (xss) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. Reflected XXS via the error message for requesting non-existing page. 0df08a0e-a200-4957-9bb0-084f562506f9 7.4 0.20% 2026-05-03 2026-06-17
CVE-2026-7161 An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When interacting with various Geovision devices on the network, the utility may send privileged commands; in order to do so, the username and password of the device need to be provided. In some instances the command is broadcaste 0df08a0e-a200-4957-9bb0-084f562506f9 9.3 0.19% 2026-05-03 2026-06-17
CVE-2026-42370 A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. 0df08a0e-a200-4957-9bb0-084f562506f9 9.0 0.45% 2026-05-03 2026-06-17
CVE-2026-42368 A privilege escalation vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to execute priviledged operation. An attacker can visit a webpage to trigger this vulnerability. 0df08a0e-a200-4957-9bb0-084f562506f9 9.9 0.31% 2026-05-03 2026-06-17
CVE-2026-42367 A privilege escalation vulnerability exists in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to credentials leak. An attacker can visit a webpage to trigger this vulnerability. 0df08a0e-a200-4957-9bb0-084f562506f9 6.5 0.27% 2026-05-03 2026-06-17
CVE-2026-42366 Multiple reflected cross-site scripting (xss) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. 0df08a0e-a200-4957-9bb0-084f562506f9 7.4 0.20% 2026-05-03 2026-06-17
CVE-2026-42365 A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted series of HTTP requests can lead to an authentication bypas. An attacker can bruteforce session cookies to trigger this vulnerability. 0df08a0e-a200-4957-9bb0-084f562506f9 8.6 0.30% 2026-05-03 2026-06-17
CVE-2026-42364 An os command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An attacker can modify a configuration value to trigger this vulnerability. 0df08a0e-a200-4957-9bb0-084f562506f9 9.9 1.61% 2026-05-03 2026-06-17
CVE-2018-25118 GeoVision embedded IP devices, confirmed on GV-BX1500 and GV-MFD1501, contain a remote command injection vulnerability via /PictureCatch.cgi that enables an attacker to execute arbitrary commands on the device. The vulnerable models have been declared end-of-life (EOL) by the vendor. VulnCheck has observed this vulnerability being exploited in the wild as of 2025-10-19 08:55:13.141502 UTC. [email protected] 10.0 1.32% 2025-10-20 2026-06-16
CVE-2024-12553 GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of GeoVision GV-ASManager. Although authentication is required to exploit this vulnerability, default guest credentials may be used. The specific flaw exists within the GV-ASWeb service. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vuln [email protected] 6.5 0.57% 2024-12-13 2026-06-17
CVE-2024-11120 KEV Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports. [email protected] 9.8 28.55% 2024-11-14 2026-06-17
CVE-2024-6047 KEV Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. [email protected] 9.8 10.07% 2024-06-17 2026-06-17
CVE-2022-46070 GV-ASManager V6.0.1.0 contains a Local File Inclusion vulnerability in GeoWebServer via Path. [email protected] 7.5 0.45% 2024-03-11 2026-06-17
CVE-2023-3638 In GeoVision GV-ADR2701 cameras, an attacker could edit the login response to access the web application. [email protected] 9.8 0.58% 2023-07-19 2026-06-17
CVE-2023-23059 An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 for windows, which contains improper permissions within the default installation and allows attackers to execute arbitrary code and gain escalated privileges. [email protected] 9.8 1.48% 2023-05-04 2026-07-08
CVE-2020-3931 Buffer overflow exists in Geovision Door Access Control device family, an unauthenticated remote attacker can execute arbitrary command. [email protected] 9.8 1.77% 2020-07-08 2026-06-16
CVE-2020-3930 GeoVision Door Access Control device family improperly stores and controls access to system logs, any users can read these logs. [email protected] 4.0 0.30% 2020-06-12 2026-06-16
CVE-2019-13408 A relative path traversal vulnerability found in Advan VD-1 firmware versions up to 230. It allows attackers to download arbitrary files via url cgibin/ExportSettings.cgi?Download=filepath, without any authentication. [email protected] 7.5 1.91% 2019-08-28 2026-06-16
CVE-2019-13407 A XSS found in Advan VD-1 firmware versions up to 230. VD-1 responses a path error message when a requested resource was not found in page cgibin/ssi.cgi. It leads to a reflected XSS because the error message does not escape properly. [email protected] 6.1 1.05% 2019-08-28 2026-06-16
«« 先頭 « 前へ 1 / 2 次へ »
cvelogic Threat Intelligence