CVE-2024-6047

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-6047
Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html Third Party Advisory
https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html Third Party Advisory
https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnet Exploit Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-6047 US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:geovision:gv-dsp_lpr_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-dsp_lpr:2.0:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:geovision:gv-bx130_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-bx130:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:geovision:gv-bx1500_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-bx1500:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:geovision:gv-cb220_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-cb220:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:geovision:gv-ebl1100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-ebl1100:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:geovision:gv-efd1100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-efd1100:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:geovision:gv-fd2410_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-fd2410:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:geovision:gv-fd3400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-fd3400:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:geovision:gv-fe3401_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-fe3401:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:geovision:gv-fe420_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-fe420:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:geovision:gv-gm8186_vs14_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-gm8186_vs14:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:geovision:gv-vs14_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs14:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:geovision:gv-vs03_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs03:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:geovision:gv-vs2410_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs2410:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:geovision:gv-vs21600_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs21600:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:geovision:gv-vs04a_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs04a:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:geovision:gv-vs04h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs04h:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:geovision:gvlx_4_firmware:-:*:*:*:*:*:*:*
OR cpe:2.3:h:geovision:gvlx_4:2.0:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gvlx_4:3.0:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:geovision:gv-vs2800_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs2800:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:geovision:gv-vs2820_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs2820:-:*:*:*:*:*:*:*
History

30 Oct 2025, 19:23

Type Values Removed Values Added
First Time Geovision gv-fd3400 Firmware
Geovision gv-fd2410
Geovision gv-vs2800
Geovision gv-vs04h Firmware
Geovision gv-vs2820
Geovision gv-bx1500
Geovision gv-fd3400
Geovision gv-vs03 Firmware
Geovision gv-fe420 Firmware
Geovision gv-gm8186 Vs14
Geovision gv-efd1100
Geovision gv-cb220 Firmware
Geovision gv-vs2410 Firmware
Geovision gv-efd1100 Firmware
Geovision gv-gm8186 Vs14 Firmware
Geovision gv-vs14 Firmware
Geovision gv-bx130 Firmware
Geovision gv-vs2800 Firmware
Geovision gv-bx1500 Firmware
Geovision gv-fd2410 Firmware
Geovision gv-fe420
Geovision gv-vs04a Firmware
Geovision gv-vs04a
Geovision gv-vs21600 Firmware
Geovision gv-vs14
Geovision gv-cb220
Geovision gv-ebl1100 Firmware
Geovision gv-ebl1100
Geovision gv-vs03
Geovision gv-bx130
Geovision gv-fe3401 Firmware
Geovision gv-fe3401
Geovision gv-vs2820 Firmware
Geovision gv-vs04h
Geovision gv-vs21600
Geovision gv-vs2410
References () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-6047 - () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-6047 - US Government Resource
CPE cpe:2.3:o:geovision:gv_vs28xx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_gm8186_vs14:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_efd1100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_bx1500_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_vs04h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_vs216xx:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_bx1500:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_bx130:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_gm8186_vs14_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_vs03_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_vs03:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_bx130_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_vs2410_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_ebl1100:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_fd3400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_fe420_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_fe3401:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_fd2410:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_vs2410:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_fe3401_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_fe420:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_fd3400:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_efd1100:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_ebl1100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_vs04a_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_vs04a:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_cb220_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-vs14_vs14_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_vs216xx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_fd2410_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs14_vs14:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_vs04h:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_cb220:-:*:*:*:*:*:*:*		 cpe:2.3:o:geovision:gv-vs03_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-vs2410_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-fe420:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-fe3401_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-vs2820_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-vs04a_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-efd1100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-bx130_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-fd3400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-vs04h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs2800:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-bx130:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-vs21600_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-efd1100:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-bx1500:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-ebl1100:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-fd2410:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-vs14_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-cb220_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-gm8186_vs14:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-fe420_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs04a:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-bx1500_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-fd3400:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-fe3401:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-vs2800_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs2410:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-ebl1100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs14:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs2820:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs21600:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs03:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs04h:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-cb220:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-fd2410_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-gm8186_vs14_firmware:-:*:*:*:*:*:*:*

21 Oct 2025, 23:16

Type Values Removed Values Added
References
  • () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-6047 -

21 Oct 2025, 20:20

Type Values Removed Values Added
References
  • {'url': 'https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-6047', 'source': '134c704f-9b21-4f2e-91b3-4a467353bcc0'}

21 Oct 2025, 19:21

Type Values Removed Values Added
References
  • () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-6047 -

09 May 2025, 14:23

Type Values Removed Values Added
References
  • () https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnet - Exploit, Third Party Advisory
References () https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html - () https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html - Third Party Advisory
References () https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html - () https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html - Third Party Advisory
First Time Geovision gv Ipcamd Gv Fd3400 Firmware
Geovision gv-vs14 Vs14 Firmware
Geovision gv Vs28xx Firmware
Geovision gv Gm8186 Vs14 Firmware
Geovision gv Ipcamd Gv Fd2410 Firmware
Geovision gv Vs216xx
Geovision gv Ipcamd Gv Fe3401
Geovision gv Vs03
Geovision gv Gm8186 Vs14
Geovision gv Vs2410
Geovision gv Vs04a
Geovision gv Ipcamd Gv Fd2410
Geovision gv-vs14 Vs14
Geovision gv Vs04a Firmware
Geovision gv Ipcamd Gv Bx1500 Firmware
Geovision
Geovision gv Vs03 Firmware
Geovision gv Vs2410 Firmware
Geovision gv Ipcamd Gv Efd1100 Firmware
Geovision gv Vs216xx Firmware
Geovision gv-dsp Lpr
Geovision gv Vs04h
Geovision gv Ipcamd Gv Fd3400
Geovision gv Ipcamd Gv Bx1500
Geovision gv Vs04h Firmware
Geovision gv Ipcamd Gv Efd1100
Geovision gvlx 4 Firmware
Geovision gv Ipcamd Gv Ebl1100 Firmware
Geovision gv Ipcamd Gv Cb220
Geovision gv Ipcamd Gv Fe3401 Firmware
Geovision gvlx 4
Geovision gv Ipcamd Gv Bx130 Firmware
Geovision gv Ipcamd Gv Fe420 Firmware
Geovision gv Ipcamd Gv Ebl1100
Geovision gv-dsp Lpr Firmware
Geovision gv Ipcamd Gv Bx130
Geovision gv Ipcamd Gv Fe420
Geovision gv Ipcamd Gv Cb220 Firmware
CPE cpe:2.3:o:geovision:gv_vs28xx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-dsp_lpr:2.0:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_efd1100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_gm8186_vs14:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_bx1500_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_vs04h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_vs216xx:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_bx1500:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_bx130:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_gm8186_vs14_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_vs03_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_vs03:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_vs04h:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_bx130_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_vs2410_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_ebl1100:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_fd3400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-dsp_lpr_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gvlx_4_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_fe420_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gvlx_4:2.0:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_fe3401:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gvlx_4:3.0:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_fd2410:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_vs2410:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_fe3401_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_fd3400:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_efd1100:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_ebl1100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_vs04a_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_vs04a:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_cb220_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-vs14_vs14_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_vs216xx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_fd2410_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs14_vs14:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_fe420:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_cb220:-:*:*:*:*:*:*:*
Information

Published : 2024-06-17 06:15

Updated : 2025-10-30 19:23

NVD link : CVE-2024-6047

Mitre link : CVE-2024-6047

CVE.ORG link : CVE-2024-6047

JSON object : View

Products Affected

geovision

  • gv-fe3401
  • gv-fd2410
  • gv-vs04a
  • gvlx_4_firmware
  • gv-fe3401_firmware
  • gv-cb220
  • gvlx_4
  • gv-dsp_lpr_firmware
  • gv-efd1100_firmware
  • gv-fd3400
  • gv-vs14_firmware
  • gv-bx1500
  • gv-vs03
  • gv-vs04h_firmware
  • gv-ebl1100
  • gv-vs21600
  • gv-vs04a_firmware
  • gv-bx130
  • gv-efd1100
  • gv-gm8186_vs14_firmware
  • gv-dsp_lpr
  • gv-vs2820
  • gv-gm8186_vs14
  • gv-vs2410
  • gv-fe420
  • gv-ebl1100_firmware
  • gv-bx130_firmware
  • gv-vs04h
  • gv-vs21600_firmware
  • gv-cb220_firmware
  • gv-vs14
  • gv-bx1500_firmware
  • gv-fe420_firmware
  • gv-vs03_firmware
  • gv-vs2800_firmware
  • gv-vs2800
  • gv-vs2820_firmware
  • gv-fd3400_firmware
  • gv-vs2410_firmware
  • gv-fd2410_firmware
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')