Geovision
Known Exploited Geovision Vulnerabilities
The following Geovision vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| GeoVision Devices OS Command Injection Vulnerability | Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to inject and execute arbitrary system commands. CVE-2024-11120. Exploit Probability: 66.1% | May 7, 2025 |
| GeoVision Devices OS Command Injection Vulnerability | Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to inject and execute arbitrary system commands. CVE-2024-6047. Exploit Probability: 73.0% | May 7, 2025 |
2 known exploited Geovision vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.
By the Year
In 2026 there have been 2 vulnerabilities in Geovision with an average score of 6.2 out of ten. Last year, in 2025, Geovision had 1 security vulnerability published. That is, 1 more vulnerability has already been reported in 2026 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 2 | 6.20 |
| 2025 | 1 | 0.00 |
| 2024 | 3 | 9.80 |
| 2023 | 1 | 9.80 |
It may take a day or so for new Geovision vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Geovision Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2026-4606 | Mar 23, 2026 | GV Edge Recording Manager v2.3.1 Local Privilege Escalation via SYSTEM service: GV Edge Recording Manager (ERM) v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system. During installation, ERM creates a Windows service that runs under the LocalSystem account. When the ERM application is launched, related processes are spawned under SYSTEM privileges rather than the security context of the logged-in user. Functions such as 'Import Data' open a Windows file dialog operating with SYSTEM permissions, enabling modification or deletion of protected system files and directories. Any ERM function invoking Windows file open/save dialogs exposes the same risk. This vulnerability allows local privilege escalation and may result in full system compromise. | |
| CVE-2021-47795 | Jan 15, 2026 | GeoWebServer 5.3.3 LFI/XSS/RCE via WebStrings.srf: GeoVision GeoWebServer 5.3.3 contains multiple vulnerabilities including local file inclusion, cross-site scripting, and remote code execution through improper input sanitization. Attackers can exploit the WebStrings.srf endpoint by manipulating path traversal and injection parameters to access system files and execute malicious scripts. | |
| CVE-2018-25118 | Oct 20, 2025 | Remote Command Injection in GeoVision PictureCatch.cgi (GV-BX1500/GV-MFD1501): GeoVision embedded IP devices, confirmed on GV-BX1500 and GV-MFD1501, contain a remote command injection vulnerability via /PictureCatch.cgi that enables an attacker to execute arbitrary commands on the device. The vulnerable models have been declared end-of-life (EOL) by the vendor. VulnCheck has observed this vulnerability being exploited in the wild as of 2025-10-19 08:55:13.141502 UTC. | |
| CVE-2024-12553 | Dec 13, 2024 | GeoVision GV-ASManager GV-ASWeb Service Missing Authorization Information Disclosure Vulnerability: GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of GeoVision GV-ASManager. Although authentication is required to exploit this vulnerability, default guest credentials may be used. The specific flaw exists within the GV-ASWeb service. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-25394. | |
| CVE-2024-11120 | Nov 15, 2024 | GeoVision EOL Devices OS Command Injection Vulnerability: Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports. | And others... |
| CVE-2024-6047 | Jun 17, 2024 | Unauthenticated Command Injection in GeoVision EOL Devices: Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. | And others... |
| CVE-2023-23059 | May 04, 2023 | GeoVision GVEdge RM 2.2.3.0 Windows Improper Permissions Escalation: An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 for Windows, which contains improper permissions within the default installation and allows attackers to execute arbitrary code and gain escalated privileges. | |