CVE-2024-6047

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-6047

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

C

ertain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.

References
Link Resource
https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html Third Party Advisory
https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html Third Party Advisory
https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnet Exploit Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-6047 US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:geovision:gv-dsp_lpr_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-dsp_lpr:2.0:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:geovision:gv-bx130_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-bx130:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:geovision:gv-bx1500_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-bx1500:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:geovision:gv-cb220_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-cb220:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:geovision:gv-ebl1100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-ebl1100:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:geovision:gv-efd1100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-efd1100:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:geovision:gv-fd2410_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-fd2410:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:geovision:gv-fd3400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-fd3400:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:geovision:gv-fe3401_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-fe3401:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:geovision:gv-fe420_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-fe420:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:geovision:gv-gm8186_vs14_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-gm8186_vs14:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:geovision:gv-vs14_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs14:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:geovision:gv-vs03_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs03:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:geovision:gv-vs2410_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs2410:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:geovision:gv-vs21600_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs21600:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:geovision:gv-vs04a_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs04a:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:geovision:gv-vs04h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs04h:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:geovision:gvlx_4_firmware:-:*:*:*:*:*:*:*
OR cpe:2.3:h:geovision:gvlx_4:2.0:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gvlx_4:3.0:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:geovision:gv-vs2800_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs2800:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:geovision:gv-vs2820_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs2820:-:*:*:*:*:*:*:*
History

30 Oct 2025, 19:23

Type Values Removed Values Added
CPE cpe:2.3:h:geovision:gv_vs03:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_vs04h:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_bx1500_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_vs216xx:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_vs216xx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_fd3400:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_vs2410:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_vs04h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_cb220:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_vs2410_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_fe420_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_ebl1100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_bx130:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_fd2410_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_fd3400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_fd2410:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_vs04a_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_cb220_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_ebl1100:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_vs03_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-vs14_vs14_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_efd1100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_fe3401:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_vs04a:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_bx1500:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs14_vs14:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_efd1100:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_fe420:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_gm8186_vs14_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_vs28xx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_bx130_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_gm8186_vs14:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_fe3401_firmware:-:*:*:*:*:*:*:*		 cpe:2.3:h:geovision:gv-vs2800:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-vs04a_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-ebl1100:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs2820:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-fd3400:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-vs04h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-gm8186_vs14_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-gm8186_vs14:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-bx130_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-cb220:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-fe3401_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-efd1100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-vs2800_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-fd3400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs14:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs04a:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs21600:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs04h:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-fd2410_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-vs03_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-fe3401:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-bx1500_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-fd2410:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-bx130:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs03:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-vs2820_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs2410:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-ebl1100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-vs2410_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-vs21600_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-cb220_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-fe420:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-efd1100:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-vs14_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-fe420_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-bx1500:-:*:*:*:*:*:*:*
References () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-6047 - () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-6047 - US Government Resource
First Time Geovision gv-cb220
Geovision gv-vs2800 Firmware
Geovision gv-vs03 Firmware
Geovision gv-bx1500
Geovision gv-efd1100
Geovision gv-bx130 Firmware
Geovision gv-fe3401
Geovision gv-vs14 Firmware
Geovision gv-fe420 Firmware
Geovision gv-vs04a Firmware
Geovision gv-vs03
Geovision gv-gm8186 Vs14 Firmware
Geovision gv-vs2410
Geovision gv-fd2410 Firmware
Geovision gv-fe420
Geovision gv-ebl1100
Geovision gv-vs04a
Geovision gv-vs04h Firmware
Geovision gv-efd1100 Firmware
Geovision gv-fd3400 Firmware
Geovision gv-vs14
Geovision gv-gm8186 Vs14
Geovision gv-vs2410 Firmware
Geovision gv-cb220 Firmware
Geovision gv-fe3401 Firmware
Geovision gv-bx130
Geovision gv-ebl1100 Firmware
Geovision gv-vs2800
Geovision gv-bx1500 Firmware
Geovision gv-vs2820 Firmware
Geovision gv-fd3400
Geovision gv-vs04h
Geovision gv-vs21600
Geovision gv-vs2820
Geovision gv-vs21600 Firmware
Geovision gv-fd2410

21 Oct 2025, 23:16

Type Values Removed Values Added
References
  • () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-6047 -

21 Oct 2025, 20:20

Type Values Removed Values Added
References
  • {'url': 'https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-6047', 'source': '134c704f-9b21-4f2e-91b3-4a467353bcc0'}

21 Oct 2025, 19:21

Type Values Removed Values Added
References
  • () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-6047 -

09 May 2025, 14:23

Type Values Removed Values Added
CPE cpe:2.3:o:geovision:gvlx_4_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_vs04h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_bx1500_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-dsp_lpr_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_bx1500:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_vs04h:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_vs04a_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_ebl1100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_vs2410_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gvlx_4:3.0:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_vs216xx:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_vs2410:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_vs216xx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gvlx_4:2.0:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_fd3400:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs14_vs14:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_fd3400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_vs28xx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_vs03:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_gm8186_vs14:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_cb220:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_bx130_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-dsp_lpr:2.0:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_fe3401_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_efd1100:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_gm8186_vs14_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_cb220_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_vs04a:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_vs03_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-vs14_vs14_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_efd1100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_bx130:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_fd2410_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_fd2410:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_fe420:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_fe3401:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_ebl1100:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_fe420_firmware:-:*:*:*:*:*:*:*
References () https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html - () https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html - Third Party Advisory
References () https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html - () https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html - Third Party Advisory
References () https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnet - () https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnet - Exploit, Third Party Advisory
First Time Geovision gv Vs04a Firmware
Geovision gv Ipcamd Gv Efd1100
Geovision gv Ipcamd Gv Ebl1100 Firmware
Geovision gv Gm8186 Vs14
Geovision gv Ipcamd Gv Fe420
Geovision gv Vs03
Geovision gv Vs216xx Firmware
Geovision gvlx 4 Firmware
Geovision gv Ipcamd Gv Fd3400 Firmware
Geovision gv-vs14 Vs14
Geovision gv Ipcamd Gv Bx130
Geovision gv Ipcamd Gv Ebl1100
Geovision gv Gm8186 Vs14 Firmware
Geovision gv Vs03 Firmware
Geovision gv-dsp Lpr Firmware
Geovision gv Vs216xx
Geovision gv Ipcamd Gv Efd1100 Firmware
Geovision gv Ipcamd Gv Fd2410
Geovision
Geovision gv Ipcamd Gv Bx130 Firmware
Geovision gv-vs14 Vs14 Firmware
Geovision gv Ipcamd Gv Fe420 Firmware
Geovision gv Ipcamd Gv Bx1500 Firmware
Geovision gv Ipcamd Gv Fe3401
Geovision gv Vs2410
Geovision gv Vs28xx Firmware
Geovision gv Ipcamd Gv Cb220
Geovision gv Ipcamd Gv Fd3400
Geovision gv Ipcamd Gv Cb220 Firmware
Geovision gv Vs04a
Geovision gv Vs04h Firmware
Geovision gv Ipcamd Gv Bx1500
Geovision gv-dsp Lpr
Geovision gv Ipcamd Gv Fd2410 Firmware
Geovision gv Vs04h
Geovision gvlx 4
Geovision gv Vs2410 Firmware
Geovision gv Ipcamd Gv Fe3401 Firmware

07 May 2025, 14:15

Type Values Removed Values Added
References
  • () https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnet -

21 Nov 2024, 09:48

Type Values Removed Values Added
References () https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html - () https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html -
References () https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html - () https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html -

17 Jun 2024, 12:42

Type Values Removed Values Added
Summary
  • (es) Ciertos dispositivos EOL GeoVision no filtran adecuadamente la entrada del usuario para la funcionalidad específica. Los atacantes remotos no autenticados pueden aprovechar esta vulnerabilidad para inyectar y ejecutar comandos arbitrarios del sistema en el dispositivo.

17 Jun 2024, 06:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-17 06:15

Updated : 2025-10-30 19:23

NVD link : CVE-2024-6047

Mitre link : CVE-2024-6047

CVE.ORG link : CVE-2024-6047

JSON object : View

Products Affected

geovision

CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')