Description
A memory corruption vulnerability exists in the GV-Cloud functionality of GeoVision GV-VMS V20 20.0.2. 


A specially crafted network request can lead to a denial of service. An attacker can impersonate the legitimate server to trigger this vulnerability.
Published: 2026-06-24
Score: 6.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a memory corruption flaw in the GV-Cloud component of GeoVision GV-VMS version 20.0.2. A specially crafted network packet can overflow a buffer, triggering a denial of service. Because the attacker can forge a request that mimics the legitimate server, the flaw can be invoked remotely over the network, leading to an interruption of service for users relying on the video management platform.

Affected Systems

GeoVision GV-VMS version 20.0.2 running on Windows systems is affected. The vulnerability is addressed in GeoVision GV-VMS version 20.1.0. All deployments of the GV-Cloud feature using v20.0.2 should be updated.

Risk and Exploitability

The CVSS score of 6.2 indicates a moderate severity. The EPSS score is not available, and the issue is not listed in CISA's KEV catalog, suggesting it has not been widely exploited yet. However, the remote nature of the attack vector makes the vulnerability accessible to adversaries who can reach the GV-Cloud interface. Attackers could cause a denial of service by sending the crafted request, potentially disrupting operations of the video surveillance system.

Generated by OpenCVE AI on June 24, 2026 at 09:14 UTC.

Remediation

Vendor Solution

GeoVision GV-VMS version V20.1.0 has patched the reported vulnerability.  User is recommended to download the update from GeoVision's offical website (https://www.geovision.com.tw/download/product/GV-VMS%20V20) or contact GeoVision Support team at support@geovision.com.tw


OpenCVE Recommended Actions

  • Apply the GeoVision GV-VMS v20.1.0 patch, which includes the memory corruption fix.
  • If patching cannot occur immediately, isolate the GV-Cloud service behind a firewall or restrict access to known IP addresses to limit exposure to remote attacks.
  • Inspect system logs for repeated failed or malformed requests to detect exploitation attempts and monitor for performance degradation or crashes.

Generated by OpenCVE AI on June 24, 2026 at 09:14 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 24 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 24 Jun 2026 05:00:00 +0000

Type Values Removed Values Added
Description A memory corruption vulnerability exists in the GV-Cloud functionality of GeoVision GV-VMS V20 20.0.2.  A specially crafted network request can lead to a denial of service. An attacker can impersonate the legitimate server to trigger this vulnerability.
Title GeoVision GV-VMS V20 GV-Cloud memory corruption vulnerability
First Time appeared Geovision Inc.
Geovision Inc. geovision
Weaknesses CWE-121
CPEs cpe:2.3:a:geovision_inc.:geovision:v20.0.2:*:windows:*:*:*:*:*
cpe:2.3:a:geovision_inc.:geovision:v20.1.0.0:*:windows:*:*:*:*:*
Vendors & Products Geovision Inc.
Geovision Inc. geovision
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:H'}


Subscriptions

Geovision Inc. Geovision
cve-icon MITRE

Status: PUBLISHED

Assigner: GV

Published:

Updated: 2026-06-24T12:55:14.968Z

Reserved: 2026-06-17T03:39:27.939Z

Link: CVE-2026-12488

cve-icon Vulnrichment

Updated: 2026-06-24T05:23:56.794Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T15:45:06Z

Weaknesses
  • CWE-121

    Stack-based Buffer Overflow