CVE-2024-11120NVD

Vulnerability Summary

Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports.

Severity Level

CRITICAL(9.8)

Published Date

Nov 15, 2024

Last Modified

May 9, 2025

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-78: OS Command Injection ↗

The software constructs all or part of an OS command using externally-influenced input, but does not properly neutralize special elements.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeUnchanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

External References

https://www.twcert.org.tw/en/cp-139-8237-26d7a-2.html
https://www.twcert.org.tw/tw/cp-132-8236-d4836-1.html
https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnet

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2024-11120NVD

Vulnerability Summary

External References