2 results (0.001 seconds)

CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 1

Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports. • https://github.com/FoKiiin/CVE-2024-11120 https://www.twcert.org.tw/en/cp-139-8237-26d7a-2.html https://www.twcert.org.tw/tw/cp-132-8236-d4836-1.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.8EPSS: 0%CPEs: 20EXPL: 0

Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Ciertos dispositivos EOL GeoVision no filtran adecuadamente la entrada del usuario para la funcionalidad específica. Los atacantes remotos no autenticados pueden aprovechar esta vulnerabilidad para inyectar y ejecutar comandos arbitrarios del sistema en el dispositivo. • https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •