CVE-2024-6047

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-6047
Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html Third Party Advisory
https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html Third Party Advisory
https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnet Exploit Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-6047 US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:geovision:gv-dsp_lpr_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-dsp_lpr:2.0:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:geovision:gv-bx130_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-bx130:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:geovision:gv-bx1500_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-bx1500:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:geovision:gv-cb220_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-cb220:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:geovision:gv-ebl1100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-ebl1100:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:geovision:gv-efd1100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-efd1100:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:geovision:gv-fd2410_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-fd2410:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:geovision:gv-fd3400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-fd3400:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:geovision:gv-fe3401_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-fe3401:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:geovision:gv-fe420_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-fe420:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:geovision:gv-gm8186_vs14_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-gm8186_vs14:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:geovision:gv-vs14_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs14:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:geovision:gv-vs03_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs03:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:geovision:gv-vs2410_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs2410:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:geovision:gv-vs21600_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs21600:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:geovision:gv-vs04a_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs04a:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:geovision:gv-vs04h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs04h:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:geovision:gvlx_4_firmware:-:*:*:*:*:*:*:*
OR cpe:2.3:h:geovision:gvlx_4:2.0:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gvlx_4:3.0:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:geovision:gv-vs2800_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs2800:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:geovision:gv-vs2820_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs2820:-:*:*:*:*:*:*:*
History

30 Oct 2025, 19:23

Type Values Removed Values Added
References () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-6047 - () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-6047 - US Government Resource
First Time Geovision gv-vs04a Firmware
Geovision gv-efd1100 Firmware
Geovision gv-vs2410
Geovision gv-fd3400 Firmware
Geovision gv-ebl1100
Geovision gv-fd2410 Firmware
Geovision gv-vs03 Firmware
Geovision gv-gm8186 Vs14 Firmware
Geovision gv-vs2820
Geovision gv-bx130
Geovision gv-vs21600
Geovision gv-fe3401
Geovision gv-vs21600 Firmware
Geovision gv-fd3400
Geovision gv-vs14
Geovision gv-gm8186 Vs14
Geovision gv-vs14 Firmware
Geovision gv-vs03
Geovision gv-bx1500
Geovision gv-vs04a
Geovision gv-bx130 Firmware
Geovision gv-fe3401 Firmware
Geovision gv-vs04h
Geovision gv-vs2820 Firmware
Geovision gv-ebl1100 Firmware
Geovision gv-efd1100
Geovision gv-fe420 Firmware
Geovision gv-fe420
Geovision gv-vs2800
Geovision gv-vs2800 Firmware
Geovision gv-vs2410 Firmware
Geovision gv-fd2410
Geovision gv-vs04h Firmware
Geovision gv-bx1500 Firmware
Geovision gv-cb220
Geovision gv-cb220 Firmware
CPE cpe:2.3:h:geovision:gv_vs04a:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_vs04a_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_fd3400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_cb220_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_bx130_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_vs2410:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_ebl1100:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_fd2410_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_vs03_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_vs216xx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_ebl1100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_fd3400:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_gm8186_vs14_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_vs216xx:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_fe3401:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_fe420_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-vs14_vs14_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_vs03:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_fe420:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_vs2410_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_efd1100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_cb220:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_efd1100:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_bx1500:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_bx1500_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_fd2410:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_ipcamd_gv_fe3401_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_ipcamd_gv_bx130:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs14_vs14:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_vs28xx_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv_vs04h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_vs04h:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv_gm8186_vs14:-:*:*:*:*:*:*:*		 cpe:2.3:o:geovision:gv-vs21600_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs2820:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-fe3401:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-vs2800_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-fd3400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs04h:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs2410:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-bx130:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-cb220_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-vs14_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-bx1500:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-cb220:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-fd3400:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-fd2410:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs03:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-bx130_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-fe420:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-vs03_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-fe3401_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-gm8186_vs14_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-vs2410_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-vs2820_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs14:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs04a:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-gm8186_vs14:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-ebl1100:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-fe420_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs21600:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-efd1100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-bx1500_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-vs04a_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-ebl1100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-efd1100:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-vs04h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-fd2410_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-vs2800:-:*:*:*:*:*:*:*
Information

Published : 2024-06-17 06:15

Updated : 2025-10-30 19:23

NVD link : CVE-2024-6047

Mitre link : CVE-2024-6047

CVE.ORG link : CVE-2024-6047

JSON object : View

Products Affected

geovision

  • gv-vs14
  • gv-fd3400
  • gv-fd3400_firmware
  • gv-vs2800_firmware
  • gv-bx1500_firmware
  • gvlx_4
  • gv-gm8186_vs14_firmware
  • gv-vs14_firmware
  • gv-efd1100
  • gv-bx1500
  • gv-dsp_lpr_firmware
  • gv-fd2410
  • gv-fd2410_firmware
  • gv-cb220_firmware
  • gv-fe3401_firmware
  • gvlx_4_firmware
  • gv-efd1100_firmware
  • gv-vs04h
  • gv-fe420_firmware
  • gv-vs21600_firmware
  • gv-bx130
  • gv-vs04h_firmware
  • gv-vs03_firmware
  • gv-vs2410_firmware
  • gv-vs21600
  • gv-dsp_lpr
  • gv-vs2410
  • gv-fe420
  • gv-gm8186_vs14
  • gv-vs04a
  • gv-ebl1100_firmware
  • gv-vs04a_firmware
  • gv-vs2820
  • gv-cb220
  • gv-vs2820_firmware
  • gv-vs2800
  • gv-ebl1100
  • gv-fe3401
  • gv-bx130_firmware
  • gv-vs03
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')