Description
GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485.

DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with it.



Upon receiving a UDP message, the server reads at most 1460 bytes into a local buffer and a pointer to the buffer is stored in a global variable:


#### Net Mask field stack overflow

The following code is vulnerable to a stack overflow that is attacker-controlled:



v6 = strlen(g_network_config->net_mask);

memcpy(&reply_buf[184], g_network_config->net_mask, v6);
Published: 2026-06-24
Score: 10 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The GV‑I/O Box 4E DVRSearch service contains a stack buffer overflow that is triggered by the CMD_IP_SET command. The service copies an attacker‑controlled UDP payload into a 1460‑byte buffer and then performs a memcpy that writes beyond the buffer boundaries. This vulnerability matches CWE‑121 and can lead to arbitrary code execution or a denial‑of‑service if the overflow is successfully exploited.

Affected Systems

The vulnerability affects GeoVision Inc.’s GV‑I/O Box 4E running on Linux. Firmware versions 2.09 and 2.12 are identified as affected. The DVRSearch service listens for UDP packets on port 10001 and is enabled by default.

Risk and Exploitability

The CVSS score of 10 marks this flaw as critical, and the attack vector is inferred to be local network access because any user on the same network can send UDP messages to the exposed service. No authentication is required and the vulnerability is not listed in the CISA KEV catalog. With a lack of an EPSS score, the exact exploitation probability is unknown, but the combination of a high severity score, network reach, and lack of mitigation strongly suggests a high risk of exploitation.

Generated by OpenCVE AI on June 24, 2026 at 09:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a vendor firmware update that addresses the buffer overflow when one becomes available.
  • Block or restrict UDP traffic on port 10001 with a firewall to limit exposure to trusted devices.
  • Disable the DVRSearch service or configure the device to prevent the use of the CMD_IP_SET command until a patch is applied.

Generated by OpenCVE AI on June 24, 2026 at 09:14 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 24 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 24 Jun 2026 05:00:00 +0000

Type Values Removed Values Added
Description GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with it. Upon receiving a UDP message, the server reads at most 1460 bytes into a local buffer and a pointer to the buffer is stored in a global variable: #### Net Mask field stack overflow The following code is vulnerable to a stack overflow that is attacker-controlled: v6 = strlen(g_network_config->net_mask); memcpy(&reply_buf[184], g_network_config->net_mask, v6);
Title GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command
First Time appeared Geovision Inc.
Geovision Inc. gv-i O Box 4e
Weaknesses CWE-121
CPEs cpe:2.3:a:geovision_inc.:gv-i_o_box_4e:v2.09:*:linux:*:*:*:*:*
cpe:2.3:a:geovision_inc.:gv-i_o_box_4e:v2.12:*:linux:*:*:*:*:*
Vendors & Products Geovision Inc.
Geovision Inc. gv-i O Box 4e
References
Metrics cvssV3_1

{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}


Subscriptions

Geovision Inc. Gv-i O Box 4e
cve-icon MITRE

Status: PUBLISHED

Assigner: GV

Published:

Updated: 2026-06-24T12:55:36.396Z

Reserved: 2026-06-22T00:26:45.854Z

Link: CVE-2026-12846

cve-icon Vulnrichment

Updated: 2026-06-24T12:55:32.702Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T15:45:06Z

Weaknesses
  • CWE-121

    Stack-based Buffer Overflow