CVE-2024-6047

critical

Description

Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.

References

Advisories
Exploits

https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html

https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html

https://securityaffairs.com/177599/security/u-s-cisa-adds-govision-device-flaws-to-its-known-exploited-vulnerabilities-catalog.html

https://www.cisa.gov/news-events/alerts/2025/05/07/cisa-adds-two-known-exploited-vulnerabilities-catalog

https://thehackernews.com/2025/05/hackers-exploit-samsung-magicinfo.html

Details

Source: Mitre, NVD

Published: 2024-06-17

Updated: 2025-05-09

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H