Описание
Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.
Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2024-6047
- https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnet
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-6047
- https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html
- https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html
Связанные уязвимости
Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.
Уязвимость микропрограммного обеспечения систем видеонаблюдения GeoVision GV-DSP, GV-IPCAMD, GV-VS и GVLX 4, существующая из-за непринятия мер по нейтрализации специальных элементов, используемых в команде операционной системы, позволяющая нарушителю выполнять произвольные команды