Unrated severityCISA KEVNVD Advisory· Published Nov 15, 2024· Updated Oct 21, 2025

GeoVision EOL devices - OS Command Injection

CVE-2024-11120

Description

Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports.

Affected products

GeoVision/GV-VS12v5
Range: 0
GeoVision/GV-VS11v5
Range: 0
GeoVision/GV-DSP_LPR_V3v5
Range: 0
GeoVision/GVLX 4 V2v5
Range: 0
GeoVision/GVLX 4 V3v5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.twcert.org.tw/en/cp-139-8237-26d7a-2.htmlmitrethird-party-advisory
www.twcert.org.tw/tw/cp-132-8236-d4836-1.htmlmitrethird-party-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.053
exploit	0.000
kev	0.120
patch	0.000
ransomware	0.000