CVE-2024-11120: GeoVision EOL devices - OS Command Injection
First published: Fri Nov 15 2024(Updated: )
Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports.
Credit: twcert@cert.org.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Geovision Gv-vs12 Firmware | ||
| Geovision Gv-vs12 Firmware | ||
| All of | ||
| Geovision Gv-vs11 Firmware | ||
| Geovision Gv-vs11 Firmware | ||
| All of | ||
| Geovision Gv-dsp Lpr Firmware | ||
| Geovision Gv-dsp Lpr Firmware | =3.0 | |
| All of | ||
| Geovision GVLX 4 | ||
| Geovision GVLX 4 Firmware | =2.0 | |
| All of | ||
| Geovision GVLX 4 | ||
| Geovision GVLX 4 Firmware | =3.0 | |
| GeoVision Multiple Devices |
Remedy
The affected devices are no longer being maintained. It is recommended to replace them.
Remedy
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.bleepingcomputer.com/news/security/botnet-exploits-geovision-zero-day-to-install-mirai-malware/
- https://www.twcert.org.tw/tw/cp-132-8236-d4836-1.html
- https://www.twcert.org.tw/en/cp-139-8237-26d7a-2.html
- https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnet
- https://dlcdn.geovision.com.tw/TechNotice/CyberSecurity/Security_Advisory_IP_Device_2024-11.pdf
- https://nvd.nist.gov/vuln/detail/CVE-2024-11120
Frequently Asked Questions
What is the severity of CVE-2024-11120?
CVE-2024-11120 is classified as a high severity vulnerability due to its potential for unauthenticated remote command execution.
How do I fix CVE-2024-11120?
To fix CVE-2024-11120, update affected GeoVision devices to the latest firmware version provided by the manufacturer.
What types of devices are affected by CVE-2024-11120?
CVE-2024-11120 affects certain EOL (end-of-life) GeoVision devices, including models GV-VS11, GV-VS12, and GV-DSP LPR.
Can CVE-2024-11120 be exploited remotely?
Yes, CVE-2024-11120 can be exploited remotely by unauthenticated attackers to execute arbitrary system commands.
Has CVE-2024-11120 been actively exploited in the wild?
Yes, CVE-2024-11120 has been reported to have already been exploited by attackers to install malware.
- agent/title
- agent/weakness
- agent/first-publish-date
- agent/type
- agent/severity
- agent/author
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2024-11120
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/source
- agent/remedy
- agent/description
- agent/trending
- agent/event
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- agent/last-modified-date
- collector/cisa-known-exploited
- source/CISA
- exploited/true
- vendor/geovision
- canonical/geovision gv-vs12 firmware
- canonical/geovision gv-vs11 firmware
- canonical/geovision gv-dsp lpr firmware
- version/geovision gv-dsp lpr firmware/3.0
- canonical/geovision gvlx 4
- canonical/geovision gvlx 4 firmware
- version/geovision gvlx 4 firmware/2.0
- version/geovision gvlx 4 firmware/3.0
- canonical/geovision multiple devices