【Vulnerability Alert】GeoVision End-of-Life Devices - OS Command Injection
publish date :
2024-11-20
update date :
2024-11-20
Source: Ministry of education information & communication security contingency platform
Publication Number | TACERT-ANA-2024111901111313 | Publication Time | 2024/11/19 13:06 |
Incident Type | ANA-Vulnerability Alert | Discovery Time | 2024/11/19 13:06 |
Impact Level | Medium | ||
[Subject] 【Vulnerability Alert】GeoVision End-of-Life Devices - OS Command Injection |
|||
[Content] Forwarded from TWCERTCC-200-202411-00000003 [GeoVision End-of-Life Devices - OS Command Injection](TVN-202411014, CVE-2024-11120, CVSS: 9.8) Certain end-of-life devices from GeoVision are affected by an OS Command Injection vulnerability. This flaw allows unauthenticated remote attackers to inject system commands and execute them on the device. Additionally, reports indicate that this vulnerability has already been exploited. Information Sharing Level: WHITE (Information content can be publicly disclosed) |
|||
[Affected Platform] GV-VS12、GV-VS11、GV-DSP_LPR_V3、GVLX 4 V2、GVLX 4 V3 |
|||
[Recommended Actions] Since the affected products are no longer supported, it is strongly advised to replace these devices. |
|||
[Reference] https://www.twcert.org.tw/tw/cp-132-8236-d4836-1.html |
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer:
Computer Center