Geovision

All CVEs

44 total · sorted by risk
  • CVE-2026-4606 · Critical · Mar 23, 2026
    risk 0.65 · cvss · epss 0.00

    GV Edge Recording Manager (ERM) v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system.  During installation, ERM creates a Windows service that runs under the LocalSystem account.  …

  • CVE-2018-25118 · Critical · Oct 20, 2025
    risk 0.65 · cvss · epss 0.01

    GeoVision embedded IP devices, confirmed on GV-BX1500 and GV-MFD1501, contain a remote command injection vulnerability via /PictureCatch.cgi that enables an attacker to execute arbitrary commands on the device. The vulnerable models have been declared end-of-life (EOL) by the…

  • CVE-2026-42368 · Critical · May 4, 2026
    risk 0.64 · cvss 9.9 · epss 0.00

    A privilege escalation vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to execution of a privileged operation. An attacker can visit a webpage to trigger this vulnerability.

  • CVE-2026-42364 · Critical · May 4, 2026
    risk 0.64 · cvss 9.9 · epss 0.02

    An os command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An attacker can modify a configuration value to trigger this vulnerability.

  • CVE-2025-26264 · High · Feb 27, 2025
    risk 0.63 · cvss 8.8 · epss 0.18

    GeoVision GV-ASWeb with the version 6.1.2.0 or less (fixed in 6.2.0), contains a Remote Code Execution (RCE) vulnerability within its Notification Settings feature. An authenticated attacker with "System Settings" privileges in ASWeb can exploit this flaw to execute arbitrary…

  • CVE-2024-56898 · High · Feb 3, 2025
    risk 0.61 · cvss 8.8 · epss 0.02

    Broken access control vulnerability in Geovision GV-ASWeb with version v6.1.0.0 or less. This vulnerability allows low-privilege users to perform actions that they aren't authorized to, which can be leveraged to escalate privileges, create, modify or delete accounts.

  • CVE-2026-7161 · Critical · May 4, 2026
    risk 0.60 · cvss 9.3 · epss 0.00

    An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When…

  • CVE-2026-42363 · Critical · Apr 27, 2026
    risk 0.60 · cvss 9.3 · epss 0.00

    An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When…

  • CVE-2024-56901 · High · Feb 3, 2025
    risk 0.60 · cvss 8.8 · epss 0.02

    A Cross-Site Request Forgery (CSRF) vulnerability in Geovision GV-ASWeb application with the version 6.1.1.0 or less that allows attackers to arbitrarily create Administrator accounts via a crafted GET request method. This vulnerability is used in chain with CVE-2024-56903 for a…

  • CVE-2026-7372 · Critical · May 4, 2026
    risk 0.59 · cvss 9.0 · epss 0.00

    A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. …

  • CVE-2026-42370 · Critical · May 4, 2026
    risk 0.59 · cvss 9.0 · epss 0.01

    A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

  • CVE-2026-7841 · High · May 6, 2026
    risk 0.57 · cvss 8.8 · epss 0.01

    A remote code execution vulnerability exists in Notification Settings on GeoVision GV-ASWeb 6.2.0. An authenticated user with System Setting permissions can execute arbitrary commands on the server by sending a crafted HTTP POST request to the ASWebCommon.srf backend endpoint to…

  • CVE-2026-42365 · High · May 4, 2026
    risk 0.56 · cvss 8.6 · epss 0.00

    A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted series of HTTP requests can lead to an authentication bypass. An attacker can bruteforce session cookies to trigger this vulnerability.

  • CVE-2024-56902 · High · Feb 3, 2025
    risk 0.54 · cvss 7.5 · epss 0.21

    Information disclosure vulnerability in Geovision GV-ASManager web application with the version v6.1.0.0 or less, which discloses account information, including cleartext password.

  • CVE-2024-56903 · High · Feb 3, 2025
    risk 0.53 · cvss 8.1 · epss 0.00

    Geovision GV-ASWeb with the version 6.1.1.0 or less allows attackers to modify POST request method with the GET against critical functionalities, such as account management. This vulnerability is used in chain with CVE-2024-56901 for a successful CSRF attack.

  • CVE-2026-7371 · High · May 4, 2026
    risk 0.48 · cvss 7.4 · epss 0.00

    Multiple reflected cross-site scripting (xss) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to…

  • CVE-2026-42366 · High · May 4, 2026
    risk 0.48 · cvss 7.4 · epss 0.00

    Multiple reflected cross-site scripting (xss) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to…

  • CVE-2026-42367 · Medium · May 4, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    A privilege escalation vulnerability exists in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to credentials leak. An attacker can visit a webpage to trigger this vulnerability.

  • CVE-2021-47795 · Medium · Jan 16, 2026
    risk 0.40 · cvss 6.2 · epss 0.01

    GeoVision GeoWebServer 5.3.3 contains multiple vulnerabilities including local file inclusion, cross-site scripting, and remote code execution through improper input sanitization. Attackers can exploit the WebStrings.srf endpoint by manipulating path traversal and injection…

  • CVE-2025-26263 · Medium · Feb 28, 2025
    risk 0.36 · cvss 5.1 · epss 0.01

    GeoVision ASManager Windows desktop application with the version 6.1.2.0 or less (fixed in 6.2.0), is vulnerable to credentials disclosure due to improper memory handling in the ASManagerService.exe process.

  • CVE-2024-6047 · KEV · Jun 17, 2024
    risk 0.18 · cvss · epss 0.10

    Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.

  • CVE-2009-1092 · Mar 25, 2009
    risk 0.04 · cvss · epss 0.09

    Use-after-free vulnerability in the LIVEAUDIO.LiveAudioCtrl.1 ActiveX control in LIVEAU~1.OCX 7.0 for GeoVision DVR systems allows remote attackers to execute arbitrary code by calling the GetAudioPlayingTime method with certain arguments.

  • CVE-2009-5087 · Sep 12, 2011
    risk 0.03 · cvss · epss 0.04

    Directory traversal vulnerability in geohttpserver in Geovision Digital Video Surveillance System 8.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET request.

  • CVE-2009-0865 · Mar 10, 2009
    risk 0.03 · cvss · epss 0.06

    Directory traversal vulnerability in the SnapShotToFile method in the GeoVision LiveX (aka LiveX_v8200) ActiveX control 8.1.2 and 8.2.0 in LIVEX_~1.OCX allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument, possibly involving the PlayX…

  • CVE-2005-1552 · May 14, 2005
    risk 0.03 · cvss · epss 0.03

    GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0, when set to create JPEG images, does not properly protect an image even when a password and username is assigned, which may allow remote attackers to gain sensitive information via a direct request to the image.

  • CVE-2026-12851 · Jun 24, 2026
    risk 0.00 · cvss · epss 0.02

    Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. `libNetSetObj.so`…

  • CVE-2026-12850 · Jun 24, 2026
    risk 0.00 · cvss · epss 0.02

    Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. `libNetSetObj.so`…

  • CVE-2026-12849 · Jun 24, 2026
    risk 0.00 · cvss · epss 0.02

    Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. `libNetSetObj.so`…

  • CVE-2026-12486 · Jun 24, 2026
    risk 0.00 · cvss · epss 0.02

    Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. `libNetSetObj.so`…

  • CVE-2026-12848 · Jun 24, 2026
    risk 0.00 · cvss · epss 0.00

    GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service…

  • CVE-2026-12847 · Jun 24, 2026
    risk 0.00 · cvss · epss 0.00

    GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service…

  • CVE-2026-12485 · Jun 24, 2026
    risk 0.00 · cvss · epss 0.00

    GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service…

  • CVE-2026-12488 · Jun 24, 2026
    risk 0.00 · cvss · epss 0.00

    A memory corruption vulnerability exists in the GV-Cloud functionality of GeoVision GV-VMS V20 20.0.2.  A specially crafted network request can lead to a denial of service. An attacker can impersonate the legitimate server to trigger this vulnerability.

  • CVE-2024-12553 · Dec 13, 2024
    risk 0.00 · cvss · epss 0.01

    GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of GeoVision GV-ASManager. Although authentication is required to exploit this vulnerability,…

  • CVE-2022-46070 · Mar 11, 2024
    risk 0.00 · cvss · epss 0.00

    GV-ASManager V6.0.1.0 contains a Local File Inclusion vulnerability in GeoWebServer via Path.

  • CVE-2023-3638 · Jul 19, 2023
    risk 0.00 · cvss · epss 0.01

    In GeoVision GV-ADR2701 cameras, an attacker could edit the login response to access the web application.

  • CVE-2023-23059 · May 4, 2023
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 for windows, which contains improper permissions within the default installation and allows attackers to execute arbitrary code and gain escalated privileges.

  • CVE-2020-3931 · Jul 8, 2020
    risk 0.00 · cvss · epss 0.02

    A buffer overflow exists in the Geovision Door Access Control device family; an unauthenticated remote attacker can execute arbitrary commands.

  • CVE-2020-3930 · Jun 12, 2020
    risk 0.00 · cvss · epss 0.00

    The GeoVision Door Access Control device family improperly stores and controls access to system logs; any user can read these logs.

  • CVE-2020-3929 · Jun 12, 2020
    risk 0.00 · cvss · epss 0.01

    The GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct MITM attacks with the derived keys and recover the plaintext of encrypted messages.

  • CVE-2020-3928 · Jun 12, 2020
    risk 0.00 · cvss · epss 0.01

    The GeoVision Door Access Control device family is hardcoded with a root password, with an identical password used in all devices.

  • CVE-2005-1553 · May 14, 2005
    risk 0.00 · cvss · epss 0.01

    GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0 uses a weak encryption scheme to encrypt passwords, which allows remote attackers to obtain the password via sniffing.

  • CVE-2004-2100 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.01

    GeoHttpServer, when configured to authenticate users, allows remote attackers to bypass authentication and access unauthorized files via a URL that contains %0a%0a (encoded newlines).

  • CVE-2004-2101 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.02

    The sysinfo script in GeoHttpServer allows remote attackers to cause a denial of service (crash) via a long pwd parameter, possibly triggering a buffer overflow.