Refine your search
10 vulnerabilities found for by Geovision
CVE-2026-4606 (GCVE-0-2026-4606)
Vulnerability from cvelistv5
Published
2026-03-23 01:05
Modified
2026-03-24 03:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-250 - Execution with unnecessary privileges
Summary
GV Edge Recording Manager (ERM) v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system.
During installation, ERM creates a Windows service that runs under the LocalSystem account.
When the ERM application is launched, related processes are spawned under SYSTEM privileges rather than the security context of the logged-in user.
Functions such as 'Import Data' open a Windows file dialog operating with SYSTEM permissions, enabling modification or deletion of protected system files and directories.
Any ERM function invoking Windows file open/save dialogs exposes the same risk.
This vulnerability allows local privilege escalation and may result in full system compromise.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GeoVision | GV-Edge Recording Manager |
Version: 2.3.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4606",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-23T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-24T03:56:02.798Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.geovision.com.tw/download/product/GV%E2%80%90Edge%20Recording%20Manager%20(Windows%20Version)",
"defaultStatus": "unaffected",
"packageName": "GV-Edge Recording Manager",
"platforms": [
"Windows"
],
"product": "GV-Edge Recording Manager",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "2.3.1"
},
{
"status": "unaffected",
"version": "2.3.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Reported by security researcher Chao Liu (chaoliu@rbbusa.com)"
}
],
"datePublic": "2026-03-23T01:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eGV Edge Recording Manager (ERM) v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system.\u0026nbsp;\u003c/p\u003e\u003cp\u003eDuring installation, ERM creates a Windows service that runs under the LocalSystem account.\u0026nbsp;\u003c/p\u003e\u003cp\u003eWhen the ERM application is launched, related processes are spawned under SYSTEM privileges rather than the security context of the logged-in user.\u0026nbsp;\u003c/p\u003e\u003cp\u003eFunctions such as \u0027Import Data\u0027 open a Windows file dialog operating with SYSTEM permissions, enabling modification or deletion of protected system files and directories.\u0026nbsp;\u003c/p\u003e\u003cp\u003eAny ERM function invoking Windows file open/save dialogs exposes the same risk.\u0026nbsp;\u003c/p\u003e\u003cp\u003eThis vulnerability allows local privilege escalation and may result in full system compromise.\u003c/p\u003e"
}
],
"value": "GV Edge Recording Manager (ERM) v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system.\u00a0\n\nDuring installation, ERM creates a Windows service that runs under the LocalSystem account.\u00a0\n\nWhen the ERM application is launched, related processes are spawned under SYSTEM privileges rather than the security context of the logged-in user.\u00a0\n\nFunctions such as \u0027Import Data\u0027 open a Windows file dialog operating with SYSTEM permissions, enabling modification or deletion of protected system files and directories.\u00a0\n\nAny ERM function invoking Windows file open/save dialogs exposes the same risk.\u00a0\n\nThis vulnerability allows local privilege escalation and may result in full system compromise."
}
],
"impacts": [
{
"capecId": "CAPEC-113",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-113 Interface Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "IRRECOVERABLE",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:N/R:I/V:C/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250 Execution with unnecessary privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-23T01:15:18.367Z",
"orgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
"shortName": "GV"
},
"references": [
{
"url": "https://https://www.geovision.com.tw/cyber_security.php"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "GeoVision ERM Improper Privilege Assignment Leads to SYSTEM-Level Privilege",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "0df08a0e-a200-4957-9bb0-084f562506f9",
"assignerShortName": "GV",
"cveId": "CVE-2026-4606",
"datePublished": "2026-03-23T01:05:31.952Z",
"dateReserved": "2026-03-23T00:46:43.918Z",
"dateUpdated": "2026-03-24T03:56:02.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47795 (GCVE-0-2021-47795)
Vulnerability from cvelistv5
Published
2026-01-15 23:25
Modified
2026-04-07 14:06
Severity ?
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
GeoVision GeoWebServer 5.3.3 contains multiple vulnerabilities including local file inclusion, cross-site scripting, and remote code execution through improper input sanitization. Attackers can exploit the WebStrings.srf endpoint by manipulating path traversal and injection parameters to access system files and execute malicious scripts.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Geovision | GeoVision Geowebserver |
Version: <= 5.3.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47795",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-16T16:07:12.459055Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T16:07:18.918Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "GeoVision Geowebserver",
"vendor": "Geovision",
"versions": [
{
"status": "affected",
"version": "\u003c= 5.3.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ken \u0027s1ngular1ty\u0027 Pyle"
}
],
"datePublic": "2021-08-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GeoVision GeoWebServer 5.3.3 contains multiple vulnerabilities including local file inclusion, cross-site scripting, and remote code execution through improper input sanitization. Attackers can exploit the WebStrings.srf endpoint by manipulating path traversal and injection parameters to access system files and execute malicious scripts."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T14:06:12.212Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-50211",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/50211"
},
{
"name": "GeoVision Cyber Security Page",
"tags": [
"product"
],
"url": "https://www.geovision.com.tw/cyber_security.php"
},
{
"name": "VulnCheck Advisory: GeoVision Geowebserver 5.3.3 - Local FIle Inclusion",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/geovision-geowebserver-local-file-inclusion"
}
],
"title": "GeoVision Geowebserver 5.3.3 - Local FIle Inclusion",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-47795",
"datePublished": "2026-01-15T23:25:44.158Z",
"dateReserved": "2026-01-14T14:39:44.739Z",
"dateUpdated": "2026-04-07T14:06:12.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-12553 (GCVE-0-2024-12553)
Vulnerability from cvelistv5
Published
2024-12-13 22:34
Modified
2024-12-16 17:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of GeoVision GV-ASManager. Although authentication is required to exploit this vulnerability, default guest credentials may be used.
The specific flaw exists within the GV-ASWeb service. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-25394.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GeoVision | GV-ASManager |
Version: 6.1.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12553",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-16T17:55:15.097729Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-16T17:55:27.880Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "GV-ASManager",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "6.1.0"
}
]
}
],
"dateAssigned": "2024-12-11T21:53:45.854Z",
"datePublic": "2024-12-12T19:31:55.073Z",
"descriptions": [
{
"lang": "en",
"value": "GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of GeoVision GV-ASManager. Although authentication is required to exploit this vulnerability, default guest credentials may be used.\n\nThe specific flaw exists within the GV-ASWeb service. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-25394."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-13T22:34:23.601Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1682",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1682/"
}
],
"source": {
"lang": "en",
"value": "Angela"
},
"title": "GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-12553",
"datePublished": "2024-12-13T22:34:23.601Z",
"dateReserved": "2024-12-11T21:53:45.864Z",
"dateUpdated": "2024-12-16T17:55:27.880Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11120 (GCVE-0-2024-11120)
Vulnerability from cvelistv5
Published
2024-11-15 02:00
Modified
2025-10-21 22:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:geovision:gv-vs12_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gv-vs12_firmware",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:geovision:gv-vs11_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gv-vs11_firmware",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:geovision:gv-dsp_lpr_v3_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gv-dsp_lpr_v3_firmware",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:geovision:gvlx_4_v2_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gvlx_4_v2_firmware",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:geovision:gvlx_4_v3_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gvlx_4_v3_firmware",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11120",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-07T17:12:05.450406Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-05-07",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-11120"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:36.559Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"url": "https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnet"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-11120"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-07T00:00:00.000Z",
"value": "CVE-2024-11120 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GV-VS12",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GV-VS11",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GV-DSP_LPR_V3",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GVLX 4 V2",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GVLX 4 V3",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"datePublic": "2024-11-15T01:56:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports."
}
],
"value": "Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T02:00:27.361Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-8236-d4836-1.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/en/cp-139-8237-26d7a-2.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u0026nbsp; The affected devices are no longer being maintained. It is recommended to replace them.\u003cbr\u003e"
}
],
"value": "The affected devices are no longer being maintained. It is recommended to replace them."
}
],
"source": {
"advisory": "TVN-202411014",
"discovery": "EXTERNAL"
},
"tags": [
"unsupported-when-assigned",
"x_known-exploited-vulnerability"
],
"title": "GeoVision EOL devices - OS Command Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2024-11120",
"datePublished": "2024-11-15T02:00:27.361Z",
"dateReserved": "2024-11-12T06:23:33.571Z",
"dateUpdated": "2025-10-21T22:55:36.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6047 (GCVE-0-2024-6047)
Vulnerability from cvelistv5
Published
2024-06-17 05:48
Modified
2025-10-21 22:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| GeoVision | GV_DSP_LPR_V2 |
Version: all |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:geovision:gv-dsp_lpr_v2:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gv-dsp_lpr_v2",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:geovision:gv-bx1500:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gv-bx1500",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:geovision:gv-cb220:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gv-cb220",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:geovision:gv-ebl1100:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gv-ebl1100",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:geovision:gv-efd1100:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gv-efd1100",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:geovision:gv-fd2410:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gv-fd2410",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:geovision:gv-fd3400:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gv-fd3400",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:geovision:gv-fd3401:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gv-fd3401",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:geovision:gv-fe420:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gv-fe420",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:geovision:gv-vs14:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gv-vs14",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:geovision:gv-vs03:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gv-vs03",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:geovision:gv-vs2410:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gv-vs2410",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:geovision:gv-vs04a:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gv-vs04a",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:geovision:gv-vs04h:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gv-vs04h",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:geovision:gv-lx_4_v2:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gv-lx_4_v2",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:geovision:gv-lx_4_v3:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gv-lx_4_v3",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:geovision:gv-vs28xx:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gv-vs28xx",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:geovision:gv-vs216xx:0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gv-vs216xx",
"vendor": "geovision",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6047",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-07T17:12:10.191958Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-05-07",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-6047"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:56:21.904Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"url": "https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnet"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-6047"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-07T00:00:00.000Z",
"value": "CVE-2024-6047 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:25:03.254Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GV_DSP_LPR_V2",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GV_IPCAMD_GV_BX1500",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GV_IPCAMD_GV_CB220",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GV_IPCAMD_GV_EBL1100",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GV_IPCAMD_GV_EFD1100",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GV_IPCAMD_GV_FD2410",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GV_IPCAMD_GV_FD3400",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GV_IPCAMD_GV_FE3401",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GV_IPCAMD_GV_FE420",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GV-VS14_VS14",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GV_VS03",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GV_VS2410",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GV_VS28XX",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GV_VS216XX",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GV VS04A",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GV VS04H",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GVLX 4 V2",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GVLX 4 V3",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GV_IPCAMD_GV_BX130",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "all"
}
]
},
{
"defaultStatus": "unaffected",
"product": "GV_GM8186_VS14",
"vendor": "GeoVision",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
],
"datePublic": "2024-06-17T05:48:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device."
}
],
"value": "Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T07:33:54.631Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "All affected products are no longer in surport. Please retire or replace them."
}
],
"value": "All affected products are no longer in surport. Please retire or replace them."
}
],
"source": {
"advisory": "TVN-202406015",
"discovery": "EXTERNAL"
},
"tags": [
"unsupported-when-assigned"
],
"title": "GeoVision EOL device - OS Command Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2024-6047",
"datePublished": "2024-06-17T05:48:42.779Z",
"dateReserved": "2024-06-17T02:00:24.960Z",
"dateUpdated": "2025-10-21T22:56:21.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3638 (GCVE-0-2023-3638)
Vulnerability from cvelistv5
Published
2023-07-19 14:22
Modified
2025-01-16 21:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-287 - Improper Authentication
Summary
In GeoVision GV-ADR2701 cameras, an attacker could edit the login response to access the web application.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GeoVision | GV-ADR2701 |
Version: 1.00_2017_12_15 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:01:57.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-05"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3638",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:23:13.718169Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:31:09.285Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GV-ADR2701",
"vendor": "GeoVision ",
"versions": [
{
"status": "affected",
"version": "1.00_2017_12_15"
}
]
}
],
"datePublic": "2023-07-18T14:19:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nIn GeoVision GV-ADR2701 cameras, an attacker could edit the login response to access the web application.\n\n"
}
],
"value": "In GeoVision GV-ADR2701 cameras, an attacker could edit the login response to access the web application.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-19T14:22:13.198Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-199-05"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nGeoVision recommends that users of these devices upgrade to newer models\n with the latest firmware update which they have verified are not \nvulnerable to this issue such as TDR2704, TDR2702, or TDR2700. \nAlternatively, users could restrict connection of these cameras to \nclosed local area networks isolated from internet connection.\n\n\u003cbr\u003e"
}
],
"value": "GeoVision recommends that users of these devices upgrade to newer models\n with the latest firmware update which they have verified are not \nvulnerable to this issue such as TDR2704, TDR2702, or TDR2700. \nAlternatively, users could restrict connection of these cameras to \nclosed local area networks isolated from internet connection.\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GeoVision GV-ADR2701 Improper Authentication",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2023-3638",
"datePublished": "2023-07-19T14:22:13.198Z",
"dateReserved": "2023-07-12T13:56:15.455Z",
"dateUpdated": "2025-01-16T21:31:09.285Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3931 (GCVE-0-2020-3931)
Vulnerability from cvelistv5
Published
2020-07-08 10:05
Modified
2024-09-16 17:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-120 - Buffer Overflow
Summary
Buffer overflow exists in Geovision Door Access Control device family, an unauthenticated remote attacker can execute arbitrary command.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GeoVision | Door Access Control Device |
Version: GV-AS210 < Version: GV-AS410 < Version: GV-AS810 < Version: GV-GF192x < Version: GV-AS1010 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3754-b77d0-1.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.acronis.com/en-us/blog/posts/backdoor-wide-open-critical-vulnerabilities-uncovered-geovision"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Door Access Control Device",
"vendor": "GeoVision",
"versions": [
{
"lessThanOrEqual": "2.21",
"status": "affected",
"version": "GV-AS210",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.21",
"status": "affected",
"version": "GV-AS410",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.21",
"status": "affected",
"version": "GV-AS810",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.10",
"status": "affected",
"version": "GV-GF192x",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.32",
"status": "affected",
"version": "GV-AS1010",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-07-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow exists in Geovision Door Access Control device family, an unauthenticated remote attacker can execute arbitrary command."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-08T10:05:20.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3754-b77d0-1.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.acronis.com/en-us/blog/posts/backdoor-wide-open-critical-vulnerabilities-uncovered-geovision"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 2.22 in GV-AS210, \nUpdate to version 2.22 in GV-AS410, \nUpdate to version 2.22 in GV-AS810,\nUpdate to version 1.22 in GV-GF192x, \nUpdate to version 1.33 in GV-AS1010"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GeoVision Door Access Control Device - Buffer overflow vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-07-08T10:00:00.000Z",
"ID": "CVE-2020-3931",
"STATE": "PUBLIC",
"TITLE": "GeoVision Door Access Control Device - Buffer overflow vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Door Access Control Device",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "GV-AS210",
"version_value": "2.21"
},
{
"version_affected": "\u003c=",
"version_name": "GV-AS410",
"version_value": "2.21"
},
{
"version_affected": "\u003c=",
"version_name": "GV-AS810",
"version_value": "2.21"
},
{
"version_affected": "\u003c=",
"version_name": "GV-GF192x",
"version_value": "1.10"
},
{
"version_affected": "\u003c=",
"version_name": "GV-AS1010",
"version_value": "1.32"
}
]
}
}
]
},
"vendor_name": "GeoVision"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow exists in Geovision Door Access Control device family, an unauthenticated remote attacker can execute arbitrary command."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-3754-b77d0-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-3754-b77d0-1.html"
},
{
"name": "https://www.acronis.com/en-us/blog/posts/backdoor-wide-open-critical-vulnerabilities-uncovered-geovision",
"refsource": "MISC",
"url": "https://www.acronis.com/en-us/blog/posts/backdoor-wide-open-critical-vulnerabilities-uncovered-geovision"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 2.22 in GV-AS210, \nUpdate to version 2.22 in GV-AS410, \nUpdate to version 2.22 in GV-AS810,\nUpdate to version 1.22 in GV-GF192x, \nUpdate to version 1.33 in GV-AS1010"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-3931",
"datePublished": "2020-07-08T10:05:21.030Z",
"dateReserved": "2019-12-20T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:23:37.841Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3930 (GCVE-0-2020-3930)
Vulnerability from cvelistv5
Published
2020-06-12 08:25
Modified
2024-09-16 16:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure vulnerability
Summary
GeoVision Door Access Control device family improperly stores and controls access to system logs, any users can read these logs.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GeoVision | Door Access Control Device |
Version: GV-GF192x < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3697-780d0-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Door Access Control Device",
"vendor": "GeoVision",
"versions": [
{
"lessThanOrEqual": "1.10",
"status": "affected",
"version": "GV-GF192x",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-06-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GeoVision Door Access Control device family improperly stores and controls access to system logs, any users can read these logs."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-12T08:25:23.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3697-780d0-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 1.22 in GV-GF192x"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GeoVision Door Access Control Device - Information disclosure vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-06-12T08:00:00.000Z",
"ID": "CVE-2020-3930",
"STATE": "PUBLIC",
"TITLE": "GeoVision Door Access Control Device - Information disclosure vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Door Access Control Device",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "GV-GF192x",
"version_value": "1.10"
}
]
}
}
]
},
"vendor_name": "GeoVision"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GeoVision Door Access Control device family improperly stores and controls access to system logs, any users can read these logs."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-3697-780d0-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-3697-780d0-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 1.22 in GV-GF192x"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-3930",
"datePublished": "2020-06-12T08:25:23.937Z",
"dateReserved": "2019-12-20T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:57:40.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3929 (GCVE-0-2020-3929)
Vulnerability from cvelistv5
Published
2020-06-12 08:25
Modified
2024-09-17 02:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Shared cryptographic keys
Summary
GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct MITM attack with the derived keys and plaintext recover of encrypted messages.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GeoVision | Door Access Control Device |
Version: GV-AS210 < Version: GV-AS410 < Version: GV-AS810 < Version: GV-GF192x < Version: GV-AS1010 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:19.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3696-6601c-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Door Access Control Device",
"vendor": "GeoVision",
"versions": [
{
"lessThanOrEqual": "2.21",
"status": "affected",
"version": "GV-AS210",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.21",
"status": "affected",
"version": "GV-AS410",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.21",
"status": "affected",
"version": "GV-AS810",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.10",
"status": "affected",
"version": "GV-GF192x",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.32",
"status": "affected",
"version": "GV-AS1010",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-06-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct MITM attack with the derived keys and plaintext recover of encrypted messages."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Shared cryptographic keys",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-12T08:25:23.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3696-6601c-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 2.22 in GV-AS210\nUpdate to version 2.22 in GV-AS410\nUpdate to version 2.22 in GV-AS810\nUpdate to version 1.22 in GV-GF192x\nUpdate to version 1.33 in GV-AS1010"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GeoVision Door Access Control Device - Shared cryptographic keys",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-06-12T08:00:00.000Z",
"ID": "CVE-2020-3929",
"STATE": "PUBLIC",
"TITLE": "GeoVision Door Access Control Device - Shared cryptographic keys"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Door Access Control Device",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "GV-AS210",
"version_value": "2.21"
},
{
"version_affected": "\u003c=",
"version_name": "GV-AS410",
"version_value": "2.21"
},
{
"version_affected": "\u003c=",
"version_name": "GV-AS810",
"version_value": "2.21"
},
{
"version_affected": "\u003c=",
"version_name": "GV-GF192x",
"version_value": "1.10"
},
{
"version_affected": "\u003c=",
"version_name": "GV-AS1010",
"version_value": "1.32"
}
]
}
}
]
},
"vendor_name": "GeoVision"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct MITM attack with the derived keys and plaintext recover of encrypted messages."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Shared cryptographic keys"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-3696-6601c-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-3696-6601c-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 2.22 in GV-AS210\nUpdate to version 2.22 in GV-AS410\nUpdate to version 2.22 in GV-AS810\nUpdate to version 1.22 in GV-GF192x\nUpdate to version 1.33 in GV-AS1010"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-3929",
"datePublished": "2020-06-12T08:25:23.476Z",
"dateReserved": "2019-12-20T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:26:42.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3928 (GCVE-0-2020-3928)
Vulnerability from cvelistv5
Published
2020-06-12 08:25
Modified
2024-09-17 01:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Hardcoded privileged password
Summary
GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GeoVision | Door Access Control Device |
Version: GV-AS210 < Version: GV-AS410 < Version: GV-AS810 < Version: GV-GF192x < Version: GV-AS1010 < |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:19.776Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Door Access Control Device",
"vendor": "GeoVision",
"versions": [
{
"lessThanOrEqual": "2.21",
"status": "affected",
"version": "GV-AS210",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.21",
"status": "affected",
"version": "GV-AS410",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.21",
"status": "affected",
"version": "GV-AS810",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.10",
"status": "affected",
"version": "GV-GF192x",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.32",
"status": "affected",
"version": "GV-AS1010",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-06-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Hardcoded privileged password",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-12T08:25:22.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Update to version 2.22 in GV-AS210\nUpdate to version 2.22 in GV-AS410\nUpdate to version 2.22 in GV-AS810\nUpdate to version 1.22 in GV-GF192x\nUpdate to version 1.33 in GV-AS1010"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "GeoVision Door Access Control Device - Hardcoded privileged password",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2020-06-12T08:00:00.000Z",
"ID": "CVE-2020-3928",
"STATE": "PUBLIC",
"TITLE": "GeoVision Door Access Control Device - Hardcoded privileged password"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Door Access Control Device",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "GV-AS210",
"version_value": "2.21"
},
{
"version_affected": "\u003c=",
"version_name": "GV-AS410",
"version_value": "2.21"
},
{
"version_affected": "\u003c=",
"version_name": "GV-AS810",
"version_value": "2.21"
},
{
"version_affected": "\u003c=",
"version_name": "GV-GF192x",
"version_value": "1.10"
},
{
"version_affected": "\u003c=",
"version_name": "GV-AS1010",
"version_value": "1.32"
}
]
}
}
]
},
"vendor_name": "GeoVision"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Hardcoded privileged password"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-3695-9e72d-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update to version 2.22 in GV-AS210\nUpdate to version 2.22 in GV-AS410\nUpdate to version 2.22 in GV-AS810\nUpdate to version 1.22 in GV-GF192x\nUpdate to version 1.33 in GV-AS1010"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2020-3928",
"datePublished": "2020-06-12T08:25:23.055Z",
"dateReserved": "2019-12-20T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:21:32.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}