Description
GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485.

DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with it.



Upon receiving a UDP message, the server reads at most 1460 bytes into a local buffer and a pointer to the buffer is stored in a global variable:


#### Gateway field stack overflow

The following code is vulnerable to a stack overflow that is attacker-controlled:



v7 = strlen(g_network_config->gateway);

memcpy(&reply_buf[216], g_network_config->gateway, v7);
Published: 2026-06-24
Score: 10 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

GV‑I/O Box 4E hosts a DVRSearch service that listens for UDP traffic on port 10001. When a command is received, the service copies up to 1460 bytes into a fixed‑size local buffer using a memcpy based on the length of a global gateway string. If an attacker supplies a command that exceeds the intended size, the memcpy overwrites adjacent stack memory, creating a classic stack buffer overflow (CWE‑121). This overflow can allow an attacker to overwrite function pointers or return addresses, potentially enabling arbitrary code execution on the device.

Affected Systems

The vulnerability affects GeoVision’s GV‑I/O Box 4E models, specifically firmware versions 2.09 and 2.12 running on a Linux‑based OS. The device is typically deployed on local networks where a user can issue UDP packets to the DVRSearch service.

Risk and Exploitability

The CVSS score of 10 indicates a critical severity. Although the EPSS score is not available, the absence from CISA’s KEV catalog suggests no widely known exploited instances yet. The attack vector is local network; an attacker with network access to the device can craft UDP packets to trigger the overflow. If exploited successfully, the attacker could gain remote code execution with the privileges of the DVRSearch process, allowing full control over the embedded device.

Generated by OpenCVE AI on June 24, 2026 at 09:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply GeoVision’s firmware patch that addresses the DVRSearch stack overflow.
  • If a patch is not yet available, block UDP traffic to port 10001 for the device using network firewall rules.
  • Consider isolating the GV‑I/O Box 4E in a separate VLAN or subnet, restricting access so only trusted hosts can reach the DVRSearch service.

Generated by OpenCVE AI on June 24, 2026 at 09:49 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 24 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 24 Jun 2026 05:00:00 +0000

Type Values Removed Values Added
Description GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with it. Upon receiving a UDP message, the server reads at most 1460 bytes into a local buffer and a pointer to the buffer is stored in a global variable: #### Gateway field stack overflow The following code is vulnerable to a stack overflow that is attacker-controlled: v7 = strlen(g_network_config->gateway); memcpy(&reply_buf[216], g_network_config->gateway, v7);
Title GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command
First Time appeared Geovision Inc.
Geovision Inc. gv-i O Box 4e
Weaknesses CWE-121
CPEs cpe:2.3:a:geovision_inc.:gv-i_o_box_4e:v2.09:*:linux:*:*:*:*:*
cpe:2.3:a:geovision_inc.:gv-i_o_box_4e:v2.12:*:linux:*:*:*:*:*
Vendors & Products Geovision Inc.
Geovision Inc. gv-i O Box 4e
References
Metrics cvssV3_1

{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}


Subscriptions

Geovision Inc. Gv-i O Box 4e
cve-icon MITRE

Status: PUBLISHED

Assigner: GV

Published:

Updated: 2026-06-24T13:16:38.193Z

Reserved: 2026-06-22T00:26:55.874Z

Link: CVE-2026-12847

cve-icon Vulnrichment

Updated: 2026-06-24T13:16:33.443Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T15:45:06Z

Weaknesses
  • CWE-121

    Stack-based Buffer Overflow