VYPR
Vendor: Geovision

Products: 21
CVEs: 44
Across products: 55
Status: Private

Recent CVEs

  • CVE-2026-4606 | Critical | Mar 23, 2026
    risk 0.65 | cvss | epss 0.00

    GV Edge Recording Manager (ERM) v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system. During installation, ERM creates a Windows service that runs under the LocalSystem account. …

  • CVE-2018-25118 | Critical | Oct 20, 2025
    risk 0.65 | cvss | epss 0.01

    GeoVision embedded IP devices, confirmed on GV-BX1500 and GV-MFD1501, contain a remote command injection vulnerability via /PictureCatch.cgi that enables an attacker to execute arbitrary commands on the device. The vulnerable models have been declared end-of-life (EOL) by the…

  • CVE-2026-42368 | Critical | May 4, 2026
    risk 0.64 | cvss 9.9 | epss 0.00

    A privilege escalation vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to the execution of a privileged operation. An attacker can visit a webpage to trigger this vulnerability.

  • CVE-2026-42364 | Critical | May 4, 2026
    risk 0.64 | cvss 9.9 | epss 0.02

    An OS command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An attacker can modify a configuration value to trigger this vulnerability.

  • CVE-2025-26264 | High | Feb 27, 2025
    risk 0.63 | cvss 8.8 | epss 0.18

    GeoVision GV-ASWeb version 6.1.2.0 or less (fixed in 6.2.0) contains a Remote Code Execution (RCE) vulnerability within its Notification Settings feature. An authenticated attacker with "System Settings" privileges in ASWeb can exploit this flaw to execute arbitrary…

  • CVE-2024-56898 | High | Feb 3, 2025
    risk 0.61 | cvss 8.8 | epss 0.02

    Broken access control vulnerability in Geovision GV-ASWeb version v6.1.0.0 or less. This vulnerability allows low-privilege users to perform actions that they aren't authorized to perform, which can be leveraged to escalate privileges and to create, modify or delete accounts.

  • CVE-2026-7161 | Critical | May 4, 2026
    risk 0.60 | cvss 9.3 | epss 0.00

    An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to a credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When…

  • CVE-2026-42363 | Critical | Apr 27, 2026
    risk 0.60 | cvss 9.3 | epss 0.00

    An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to a credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When…

  • CVE-2024-56901 | High | Feb 3, 2025
    risk 0.60 | cvss 8.8 | epss 0.02

    A Cross-Site Request Forgery (CSRF) vulnerability in the Geovision GV-ASWeb application, version 6.1.1.0 or less, allows attackers to arbitrarily create Administrator accounts via a crafted GET request. This vulnerability is used in chain with CVE-2024-56903 for a…

  • CVE-2026-7372 | Critical | May 4, 2026
    risk 0.59 | cvss 9.0 | epss 0.00

    A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. …

  • CVE-2026-42370 | Critical | May 4, 2026
    risk 0.59 | cvss 9.0 | epss 0.01

    A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

  • CVE-2026-7841 | High | May 6, 2026
    risk 0.57 | cvss 8.8 | epss 0.01

    A remote code execution vulnerability exists in Notification Settings on GeoVision GV-ASWeb 6.2.0. An authenticated user with System Setting permissions can execute arbitrary commands on the server by sending a crafted HTTP POST request to the ASWebCommon.srf backend endpoint to…

  • CVE-2026-42365 | High | May 4, 2026
    risk 0.56 | cvss 8.6 | epss 0.00

    A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted series of HTTP requests can lead to an authentication bypass. An attacker can brute-force session cookies to trigger this vulnerability.

  • CVE-2024-56902 | High | Feb 3, 2025
    risk 0.54 | cvss 7.5 | epss 0.21

    Information disclosure vulnerability in the Geovision GV-ASManager web application, version v6.1.0.0 or less, which discloses account information, including the cleartext password.

  • CVE-2024-56903 | High | Feb 3, 2025
    risk 0.53 | cvss 8.1 | epss 0.00

    Geovision GV-ASWeb version 6.1.1.0 or less allows attackers to replace the POST request method with GET against critical functionalities, such as account management. This vulnerability is used in chain with CVE-2024-56901 for a successful CSRF attack.

  • CVE-2026-7371 | High | May 4, 2026
    risk 0.48 | cvss 7.4 | epss 0.00

    Multiple reflected cross-site scripting (XSS) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to…

  • CVE-2026-42366 | High | May 4, 2026
    risk 0.48 | cvss 7.4 | epss 0.00

    Multiple reflected cross-site scripting (XSS) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to…

  • CVE-2026-42367 | Medium | May 4, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    A privilege escalation vulnerability exists in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to a credentials leak. An attacker can visit a webpage to trigger this vulnerability.

  • CVE-2021-47795 | Medium | Jan 16, 2026
    risk 0.40 | cvss 6.2 | epss 0.01

    GeoVision GeoWebServer 5.3.3 contains multiple vulnerabilities including local file inclusion, cross-site scripting, and remote code execution through improper input sanitization. Attackers can exploit the WebStrings.srf endpoint by manipulating path traversal and injection…

  • CVE-2025-26263 | Medium | Feb 28, 2025
    risk 0.36 | cvss 5.1 | epss 0.01

    The GeoVision ASManager Windows desktop application, version 6.1.2.0 or less (fixed in 6.2.0), is vulnerable to credentials disclosure due to improper memory handling in the ASManagerService.exe process.