GeoVision EOL device security update advisory

Overview

 

An update has been released to address vulnerabilities in GeoVision EOL devices. Users of the affected versions are advised to update to the latest version.

 

Affected Products

 

DSP LPR GV_DSP_LPR_V2
IP Camera GV_IPCAMD_GV_BX1500
IP Camera GV_IPCAMD_GV_CB220
IP Camera GV_IPCAMD_GV_EBL1100
IP Camera GV_IPCAMD_GV_EFD1100
IP Camera GV_IPCAMD_GV_FD2410
IP Camera GV_IPCAMD_GV_FD3400
IP Camera GV_IPCAMD_GV_FE3401
IP Camera GV_IPCAMD_GV_FE420
Video Server GV-VS14_VS14
Video Server GV_VS03
Video Server GV_VS2410
Video Server GV_VS28XX
Video Server GV_VS216XX
Video Server GV VS04A
Video Server GV VS04H
DVR GVLX 4 V2
DVR GVLX 4 V3

 

Resolved Vulnerabilities

 

OS command injection vulnerability: certain EOL GeoVision devices fail to properly filter user input, which allows system commands to be injected and executed (CVE-2024-6047)

 

Vulnerability Patches

 

Please retire affected devices, as these products are no longer supported.

 

Referenced Sites

 

[1] CVE-2024-6047 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-6047

[2] GeoVision EOL device – OS Command Injection

https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html