CVSS 9.0 · CRITICAL

CVE-2026-42370

A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

Analysis

This is an unauthenticated RCE in specific surveillance software. While the CVSS is critical, it is a niche product for physical security and does not impact the common web, mobile, or backend development stacks used by the community.

Severity

Score: 9.0 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
AV: NETWORK
AC: HIGH
PR: NONE
UI: NONE
S: CHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness type (CWE): CWE-787

EPSS

Exploitation probability (next 30 days): 0.0013 (0.1%)
Percentile: 31.9%
EPSS: 2026-05-06

Affects

geovision:gv-vms_firmware
geovision:gv-vms

Technical description

A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

Published: 4/5/2026, 1:16:04
Last modified: 5/5/2026, 2:42:39
