Description
GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485.

DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with it.



Upon receiving a UDP message, the server reads at most 1460 bytes into a local buffer and a pointer to the buffer is stored in a global variable:


#### IP field stack overflow

The following code is vulnerable to a stack overflow that is attacker-controlled:



v3 = strlen(g_network_config->ip_addr);

memcpy(&reply_buf[36], g_network_config->ip_addr, v3);
Published: 2026-06-24
Score: 10 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The DVRSearch service on the GeoVision GV‑I/O Box 4E processes inbound UDP packets on port 10001 and copies up to 1460 bytes of payload into a local stack buffer. An unchecked memcpy writes the supplied IP address string beyond the allocated space, causing a classic stack buffer overflow (CWE‑121). An attacker who can send crafted packets can corrupt control flow and achieve arbitrary code execution on the device.

Affected Systems

The affected product is GeoVision Inc.’s GV‑I/O Box 4E running firmware versions 2.09 and 2.12 on a Linux kernel. The device is a network‑connected smart relay with 4 inputs and 4 outputs managed over Ethernet and RS-485, and the vulnerability is triggered by any user on the local network that can reach UDP port 10001.

Risk and Exploitability

The CVSS score of 10 classifies this flaw as critical; the EPSS score is not published, and the vulnerability is not listed in CISA KEV. Because the service is exposed on an unprotected UDP port and the overflow occurs without authentication, a local‑network attacker can easily send crafted packets to exploit the stack corruption. Successful exploitation would allow arbitrary code execution, compromising device configuration, integrity, and availability.

Generated by OpenCVE AI on June 24, 2026 at 09:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify with GeoVision whether a firmware update or patch addressing the buffer overflow is available and apply it when released.
  • Disable or restrict the DVRSearch service by blocking UDP port 10001 through firewall rules or configuration changes so that only trusted hosts can reach it.
  • Place the device in a segmented network or VLAN and enforce strict inbound traffic controls to limit exposure to local network users.
  • Continuously monitor UDP traffic to port 10001 for anomalous payloads and investigate suspicious activity promptly.

Generated by OpenCVE AI on June 24, 2026 at 09:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 24 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Geovision Inc. gv-i/o Box 4e
Vendors & Products Geovision Inc. gv-i/o Box 4e

Wed, 24 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 24 Jun 2026 05:00:00 +0000

Type Values Removed Values Added
Description GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with it. Upon receiving a UDP message, the server reads at most 1460 bytes into a local buffer and a pointer to the buffer is stored in a global variable: #### IP field stack overflow The following code is vulnerable to a stack overflow that is attacker-controlled: v3 = strlen(g_network_config->ip_addr); memcpy(&reply_buf[36], g_network_config->ip_addr, v3);
Title GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command
First Time appeared Geovision Inc.
Geovision Inc. gv-i O Box 4e
Weaknesses CWE-121
CPEs cpe:2.3:a:geovision_inc.:gv-i_o_box_4e:v2.09:*:linux:*:*:*:*:*
cpe:2.3:a:geovision_inc.:gv-i_o_box_4e:v2.12:*:linux:*:*:*:*:*
Vendors & Products Geovision Inc.
Geovision Inc. gv-i O Box 4e
References
Metrics cvssV3_1

{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}


Subscriptions

Geovision Inc. Gv-i/o Box 4e Gv-i O Box 4e
cve-icon MITRE

Status: PUBLISHED

Assigner: GV

Published:

Updated: 2026-06-24T12:56:06.131Z

Reserved: 2026-06-17T03:09:05.554Z

Link: CVE-2026-12485

cve-icon Vulnrichment

Updated: 2026-06-24T12:55:52.925Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T16:05:14Z

Weaknesses
  • CWE-121

    Stack-based Buffer Overflow