{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-6047","assignerOrgId":"cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e","state":"PUBLISHED","assignerShortName":"twcert","dateReserved":"2024-06-17T02:00:24.960Z","datePublished":"2024-06-17T05:48:42.779Z","dateUpdated":"2025-10-21T22:56:21.904Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"GV_DSP_LPR_V2","vendor":"GeoVision","versions":[{"status":"affected","version":"all"}]},{"defaultStatus":"unaffected","product":"GV_IPCAMD_GV_BX1500","vendor":"GeoVision","versions":[{"status":"affected","version":"all"}]},{"defaultStatus":"unaffected","product":"GV_IPCAMD_GV_CB220","vendor":"GeoVision","versions":[{"status":"affected","version":"all"}]},{"defaultStatus":"unaffected","product":"GV_IPCAMD_GV_EBL1100","vendor":"GeoVision","versions":[{"status":"affected","version":"all"}]},{"defaultStatus":"unaffected","product":"GV_IPCAMD_GV_EFD1100","vendor":"GeoVision","versions":[{"status":"affected","version":"all"}]},{"defaultStatus":"unaffected","product":"GV_IPCAMD_GV_FD2410","vendor":"GeoVision","versions":[{"status":"affected","version":"all"}]},{"defaultStatus":"unaffected","product":"GV_IPCAMD_GV_FD3400","vendor":"GeoVision","versions":[{"status":"affected","version":"all"}]},{"defaultStatus":"unaffected","product":"GV_IPCAMD_GV_FE3401","vendor":"GeoVision","versions":[{"status":"affected","version":"all"}]},{"defaultStatus":"unaffected","product":"GV_IPCAMD_GV_FE420","vendor":"GeoVision","versions":[{"status":"affected","version":"all"}]},{"defaultStatus":"unaffected","product":"GV-VS14_VS14","vendor":"GeoVision","versions":[{"status":"affected","version":"all"}]},{"defaultStatus":"unaffected","product":"GV_VS03","vendor":"GeoVision","versions":[{"status":"affected","version":"all"}]},{"defaultStatus":"unaffected","product":"GV_VS2410","vendor":"GeoVision","versions":[{"status":"affected","version":"all"}]},{"defaultStatus":"unaffected","product":"GV_VS28XX","vendor":"GeoVision","versions":[{"status":"affected","version":"all"}]},{"defaultStatus":"unaffected","product":"GV_VS216XX","vendor":"GeoVision","versions":[{"status":"affected","version":"all"}]},{"defaultStatus":"unaffected","product":"GV VS04A","vendor":"GeoVision","versions":[{"status":"affected","version":"all"}]},{"defaultStatus":"unaffected","product":"GV VS04H","vendor":"GeoVision","versions":[{"status":"affected","version":"all"}]},{"defaultStatus":"unaffected","product":"GVLX 4 V2","vendor":"GeoVision","versions":[{"status":"affected","version":"all"}]},{"defaultStatus":"unaffected","product":"GVLX 4 V3","vendor":"GeoVision","versions":[{"status":"affected","version":"all"}]},{"defaultStatus":"unaffected","product":"GV_IPCAMD_GV_BX130","vendor":"GeoVision","versions":[{"status":"affected","version":"all"}]},{"defaultStatus":"unaffected","product":"GV_GM8186_VS14","vendor":"GeoVision","versions":[{"status":"affected","version":"all"}]}],"datePublic":"2024-06-17T05:48:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device."}],"value":"Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device."}],"impacts":[{"capecId":"CAPEC-88","descriptions":[{"lang":"en","value":"CAPEC-88 OS Command Injection"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-78","description":"CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e","shortName":"twcert","dateUpdated":"2024-07-17T07:33:54.631Z"},"references":[{"tags":["third-party-advisory"],"url":"https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html"},{"tags":["third-party-advisory"],"url":"https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"All affected products are no longer in surport. Please retire or replace them."}],"value":"All affected products are no longer in surport. Please retire or replace them."}],"source":{"advisory":"TVN-202406015","discovery":"EXTERNAL"},"tags":["unsupported-when-assigned"],"title":"GeoVision EOL device - OS Command Injection","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-6047","role":"CISA Coordinator","options":[{"Exploitation":"active"},{"Automatable":"yes"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2025-05-07T17:12:10.191958Z"}}},{"other":{"type":"kev","content":{"dateAdded":"2025-05-07","reference":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-6047"}}}],"affected":[{"cpes":["cpe:2.3:h:geovision:gv-dsp_lpr_v2:0:*:*:*:*:*:*:*"],"vendor":"geovision","product":"gv-dsp_lpr_v2","versions":[{"status":"affected","version":"0","lessThan":"*","versionType":"custom"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:h:geovision:gv-bx1500:0:*:*:*:*:*:*:*"],"vendor":"geovision","product":"gv-bx1500","versions":[{"status":"affected","version":"0","lessThan":"*","versionType":"custom"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:h:geovision:gv-cb220:0:*:*:*:*:*:*:*"],"vendor":"geovision","product":"gv-cb220","versions":[{"status":"affected","version":"0","lessThan":"*","versionType":"custom"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:h:geovision:gv-ebl1100:0:*:*:*:*:*:*:*"],"vendor":"geovision","product":"gv-ebl1100","versions":[{"status":"affected","version":"0","lessThan":"*","versionType":"custom"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:h:geovision:gv-efd1100:0:*:*:*:*:*:*:*"],"vendor":"geovision","product":"gv-efd1100","versions":[{"status":"affected","version":"0","lessThan":"*","versionType":"custom"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:h:geovision:gv-fd2410:0:*:*:*:*:*:*:*"],"vendor":"geovision","product":"gv-fd2410","versions":[{"status":"affected","version":"0","lessThan":"*","versionType":"custom"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:h:geovision:gv-fd3400:0:*:*:*:*:*:*:*"],"vendor":"geovision","product":"gv-fd3400","versions":[{"status":"affected","version":"0","lessThan":"*","versionType":"custom"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:h:geovision:gv-fd3401:0:*:*:*:*:*:*:*"],"vendor":"geovision","product":"gv-fd3401","versions":[{"status":"affected","version":"0","lessThan":"*","versionType":"custom"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:h:geovision:gv-fe420:0:*:*:*:*:*:*:*"],"vendor":"geovision","product":"gv-fe420","versions":[{"status":"affected","version":"0","lessThan":"*","versionType":"custom"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:h:geovision:gv-vs14:0:*:*:*:*:*:*:*"],"vendor":"geovision","product":"gv-vs14","versions":[{"status":"affected","version":"0","lessThan":"*","versionType":"custom"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:h:geovision:gv-vs03:0:*:*:*:*:*:*:*"],"vendor":"geovision","product":"gv-vs03","versions":[{"status":"affected","version":"0","lessThan":"*","versionType":"custom"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:h:geovision:gv-vs2410:0:*:*:*:*:*:*:*"],"vendor":"geovision","product":"gv-vs2410","versions":[{"status":"affected","version":"0","lessThan":"*","versionType":"custom"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:h:geovision:gv-vs04a:0:*:*:*:*:*:*:*"],"vendor":"geovision","product":"gv-vs04a","versions":[{"status":"affected","version":"0","lessThan":"*","versionType":"custom"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:h:geovision:gv-vs04h:0:*:*:*:*:*:*:*"],"vendor":"geovision","product":"gv-vs04h","versions":[{"status":"affected","version":"0","lessThan":"*","versionType":"custom"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:h:geovision:gv-lx_4_v2:0:*:*:*:*:*:*:*"],"vendor":"geovision","product":"gv-lx_4_v2","versions":[{"status":"affected","version":"0","lessThan":"*","versionType":"custom"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:h:geovision:gv-lx_4_v3:0:*:*:*:*:*:*:*"],"vendor":"geovision","product":"gv-lx_4_v3","versions":[{"status":"affected","version":"0","lessThan":"*","versionType":"custom"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:h:geovision:gv-vs28xx:0:*:*:*:*:*:*:*"],"vendor":"geovision","product":"gv-vs28xx","versions":[{"status":"affected","version":"0","lessThan":"*","versionType":"custom"}],"defaultStatus":"unknown"},{"cpes":["cpe:2.3:h:geovision:gv-vs216xx:0:*:*:*:*:*:*:*"],"vendor":"geovision","product":"gv-vs216xx","versions":[{"status":"affected","version":"0","lessThan":"*","versionType":"custom"}],"defaultStatus":"unknown"}],"references":[{"url":"https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnet"},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-6047","tags":["government-resource"]}],"timeline":[{"time":"2025-05-07T00:00:00.000Z","lang":"en","value":"CVE-2024-6047 added to CISA KEV"}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-21T22:56:21.904Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T21:25:03.254Z"},"title":"CVE Program Container","references":[{"tags":["third-party-advisory","x_transferred"],"url":"https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html"},{"tags":["third-party-advisory","x_transferred"],"url":"https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html"}]}]}}