Impact
GV‑I/O Box 4E hosts a DVRSearch service that listens for UDP traffic on port 10001. When a command is received, the service copies up to 1460 bytes into a fixed‑size local buffer using a memcpy based on the length of a global gateway string. If an attacker supplies a command that exceeds the intended size, the memcpy overwrites adjacent stack memory, creating a classic stack buffer overflow (CWE‑121). This overflow can allow an attacker to overwrite function pointers or return addresses, potentially enabling arbitrary code execution on the device.
Affected Systems
The vulnerability affects GeoVision’s GV‑I/O Box 4E models, specifically firmware versions 2.09 and 2.12 running on a Linux‑based OS. The device is typically deployed on local networks where a user can issue UDP packets to the DVRSearch service.
Risk and Exploitability
The CVSS score of 10 indicates a critical severity. Although the EPSS score is not available, the absence from CISA’s KEV catalog suggests no widely known exploited instances yet. The attack vector is local network; an attacker with network access to the device can craft UDP packets to trigger the overflow. If exploited successfully, the attacker could gain remote code execution with the privileges of the DVRSearch process, allowing full control over the embedded device.
OpenCVE Enrichment