CVE-2024-6047

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-6047
Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html Third Party Advisory
https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html Third Party Advisory
https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnet Exploit Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-6047 US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:geovision:gv-dsp_lpr_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-dsp_lpr:2.0:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:geovision:gv-bx130_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-bx130:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:geovision:gv-bx1500_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-bx1500:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:geovision:gv-cb220_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-cb220:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:geovision:gv-ebl1100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-ebl1100:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:geovision:gv-efd1100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-efd1100:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:geovision:gv-fd2410_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-fd2410:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:geovision:gv-fd3400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-fd3400:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:geovision:gv-fe3401_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-fe3401:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:geovision:gv-fe420_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-fe420:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:geovision:gv-gm8186_vs14_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-gm8186_vs14:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:geovision:gv-vs14_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs14:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:geovision:gv-vs03_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs03:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:geovision:gv-vs2410_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs2410:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:geovision:gv-vs21600_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs21600:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:geovision:gv-vs04a_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs04a:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:geovision:gv-vs04h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs04h:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:geovision:gvlx_4_firmware:-:*:*:*:*:*:*:*
OR cpe:2.3:h:geovision:gvlx_4:2.0:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gvlx_4:3.0:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:geovision:gv-vs2800_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs2800:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:geovision:gv-vs2820_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs2820:-:*:*:*:*:*:*:*
History

30 Oct 2025, 19:23

Type Values Removed Values Added
CPE cpe:2.3:o:geovision:gv_vs2410_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_vs04a_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_bx130_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_vs04h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_cb220:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_fd2410:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_efd1100:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_fd3400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_bx1500_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_fe3401:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_vs216xx:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_fd3400:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_fe3401_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_fe420:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-vs14_vs14_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_cb220_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_vs04h:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_ebl1100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_efd1100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_bx1500:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_vs28xx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_vs04a:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_ebl1100:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_gm8186_vs14_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_gm8186_vs14:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_vs03:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_vs03_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_vs216xx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs14_vs14:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_fe420_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_fd2410_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_vs2410:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_bx130:-:*:*:*:*:*:*:*		 cpe:2.3:o:geovision:gv-vs2820_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-fe420_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-vs2800_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs04h:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-efd1100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-vs2410_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-bx1500_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-efd1100:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-vs03_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-bx1500:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs14:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-fd2410:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-vs14_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-vs04h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs03:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-fd3400:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-cb220_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-fd2410_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs2820:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs2410:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-vs21600_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-gm8186_vs14_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-gm8186_vs14:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-vs04a_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-bx130:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-ebl1100:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-fe3401:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs21600:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-fe3401_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-cb220:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-ebl1100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs2800:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-fe420:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-fd3400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-bx130_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs04a:-:*:*:*:*:*:*:*
References () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-6047 - () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-6047 - US Government Resource
First Time Geovision gv-vs14 Firmware
Geovision gv-gm8186 Vs14
Geovision gv-vs2820
Geovision gv-vs2410
Geovision gv-vs14
Geovision gv-fe3401 Firmware
Geovision gv-vs2820 Firmware
Geovision gv-fd2410 Firmware
Geovision gv-cb220
Geovision gv-efd1100 Firmware
Geovision gv-vs2800
Geovision gv-fe420 Firmware
Geovision gv-vs03
Geovision gv-fe420
Geovision gv-fd3400 Firmware
Geovision gv-vs04a Firmware
Geovision gv-bx130 Firmware
Geovision gv-vs2410 Firmware
Geovision gv-vs2800 Firmware
Geovision gv-fe3401
Geovision gv-vs21600 Firmware
Geovision gv-fd2410
Geovision gv-efd1100
Geovision gv-bx1500
Geovision gv-vs04h
Geovision gv-gm8186 Vs14 Firmware
Geovision gv-ebl1100 Firmware
Geovision gv-vs04h Firmware
Geovision gv-vs03 Firmware
Geovision gv-fd3400
Geovision gv-cb220 Firmware
Geovision gv-ebl1100
Geovision gv-bx130
Geovision gv-vs21600
Geovision gv-bx1500 Firmware
Geovision gv-vs04a

21 Oct 2025, 23:16

Type Values Removed Values Added
References
  • () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-6047 -

21 Oct 2025, 20:20

Type Values Removed Values Added
References
  • {'url': 'https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-6047', 'source': '134c704f-9b21-4f2e-91b3-4a467353bcc0'}

21 Oct 2025, 19:21

Type Values Removed Values Added
References
  • () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-6047 -

09 May 2025, 14:23

Type Values Removed Values Added
References () https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html - () https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html - Third Party Advisory
References () https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html - () https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html - Third Party Advisory
References () https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnet - () https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnet - Exploit, Third Party Advisory
First Time Geovision gv Ipcamd Gv Ebl1100 Firmware
Geovision gv-dsp Lpr Firmware
Geovision gv Ipcamd Gv Fe3401
Geovision gv-vs14 Vs14
Geovision gv Gm8186 Vs14 Firmware
Geovision gv Vs28xx Firmware
Geovision
Geovision gv-vs14 Vs14 Firmware
Geovision gv Ipcamd Gv Fd2410 Firmware
Geovision gv Ipcamd Gv Efd1100
Geovision gv Ipcamd Gv Fe3401 Firmware
Geovision gv Ipcamd Gv Fd3400
Geovision gv Ipcamd Gv Fe420
Geovision gv Ipcamd Gv Efd1100 Firmware
Geovision gv Vs04a
Geovision gv Vs04h Firmware
Geovision gvlx 4 Firmware
Geovision gv Vs2410
Geovision gvlx 4
Geovision gv Vs216xx Firmware
Geovision gv Ipcamd Gv Bx1500 Firmware
Geovision gv Ipcamd Gv Bx130 Firmware
Geovision gv Vs04h
Geovision gv Vs216xx
Geovision gv Ipcamd Gv Cb220 Firmware
Geovision gv Vs04a Firmware
Geovision gv Ipcamd Gv Fd2410
Geovision gv-dsp Lpr
Geovision gv Vs2410 Firmware
Geovision gv Ipcamd Gv Bx1500
Geovision gv Vs03
Geovision gv Ipcamd Gv Ebl1100
Geovision gv Ipcamd Gv Fd3400 Firmware
Geovision gv Vs03 Firmware
Geovision gv Gm8186 Vs14
Geovision gv Ipcamd Gv Fe420 Firmware
Geovision gv Ipcamd Gv Bx130
Geovision gv Ipcamd Gv Cb220
CPE cpe:2.3:h:geovision:gv_ipcamd_gv_bx130:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_vs04h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_fe420_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_gm8186_vs14:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_vs216xx:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_cb220:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_ebl1100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_fe3401_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_vs04h:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_bx130_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_cb220_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_bx1500:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_efd1100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-dsp_lpr_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_efd1100:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_vs03_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_vs2410_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gvlx_4:2.0:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_fe3401:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_gm8186_vs14_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_fd3400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_vs03:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_vs216xx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_bx1500_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_vs04a_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_fd2410:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_fe420:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-dsp_lpr:2.0:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gvlx_4:3.0:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_ebl1100:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs14_vs14:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_fd2410_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_fd3400:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_vs04a:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_vs2410:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-vs14_vs14_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_vs28xx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gvlx_4_firmware:-:*:*:*:*:*:*:*

07 May 2025, 14:15

Type Values Removed Values Added
References
  • () https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnet -

21 Nov 2024, 09:48

Type Values Removed Values Added
References () https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html - () https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html -
References () https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html - () https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html -

17 Jun 2024, 12:42

Type Values Removed Values Added
Summary
  • (es) Ciertos dispositivos EOL GeoVision no filtran adecuadamente la entrada del usuario para la funcionalidad específica. Los atacantes remotos no autenticados pueden aprovechar esta vulnerabilidad para inyectar y ejecutar comandos arbitrarios del sistema en el dispositivo.

17 Jun 2024, 06:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-17 06:15

Updated : 2025-10-30 19:23

NVD link : CVE-2024-6047

Mitre link : CVE-2024-6047

CVE.ORG link : CVE-2024-6047

JSON object : View

Products Affected

geovision

  • gv-fd3400_firmware
  • gv-bx130_firmware
  • gv-dsp_lpr_firmware
  • gvlx_4_firmware
  • gv-vs04a
  • gv-vs2820
  • gv-bx130
  • gv-vs04h
  • gv-vs21600_firmware
  • gv-vs2820_firmware
  • gv-fd2410_firmware
  • gv-bx1500_firmware
  • gv-fd2410
  • gv-vs2410
  • gv-gm8186_vs14_firmware
  • gv-efd1100_firmware
  • gv-efd1100
  • gv-fe3401_firmware
  • gv-vs14
  • gv-fe420_firmware
  • gv-ebl1100
  • gvlx_4
  • gv-fe420
  • gv-gm8186_vs14
  • gv-bx1500
  • gv-cb220
  • gv-dsp_lpr
  • gv-ebl1100_firmware
  • gv-vs03_firmware
  • gv-vs2800
  • gv-cb220_firmware
  • gv-fd3400
  • gv-vs2800_firmware
  • gv-vs04h_firmware
  • gv-vs03
  • gv-vs04a_firmware
  • gv-vs2410_firmware
  • gv-vs14_firmware
  • gv-vs21600
  • gv-fe3401
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')