Description
GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485.

DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with it.



Upon receiving a UDP message, the server reads at most 1460 bytes into a local buffer and a pointer to the buffer is stored in a global variable:



#### DNS field stack overflow

The following code is vulnerable to a stack overflow that is attacker-controlled:



v8 = strlen(g_network_config->dns_addr);

memcpy(&reply_buf[248], g_network_config->dns_addr, v8);
Published: 2026-06-24
Score: 10 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the DVRSearch service of GeoVision GV‑I/O Box 4E, which processes UDP packets on port 10001. An attacker on the same network can send a specially crafted packet containing a payload larger than the allocated 1460‑byte buffer. The code copies the DNS address string into a fixed area of the local stack, overwriting the return address and other control data. If an attacker controls the written bytes, they can overwrite execution flow, potentially gaining full control of the device. The CVSS score of 10 highlights that remote code execution is feasible without authentication.

Affected Systems

Affected products are GeoVision Inc.’s GV‑I/O Box 4E smart embedded device, running firmware versions 2.09 and 2.12 on Linux. The device exposes four inputs, four relay outputs, and can be controlled via Ethernet and RS‑485. Any host on the device’s network can reach DVRSearch on UDP port 10001.

Risk and Exploitability

The CVSS rating indicates the highest severity, and the vulnerability relies on network‑level access to the device’s UDP service. Because the vulnerability is unauthenticated and allows arbitrary code execution, the risk is very high. No exploit probability (EPSS) is available, and the issue is not currently listed in CISA’s KEV catalog, but the absence of these metrics does not mitigate the threat. An attacker who can reach the network can exploit the overflow with a single crafted packet, escalating to full device compromise. The lack of authentication or ACLs on the service makes the attack vector straightforward and highly likely in unsegmented environments.

Generated by OpenCVE AI on June 24, 2026 at 09:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update from GeoVision that patches the DVRSearch stack overflow as released via the vendor’s cyber‑security page or contact GeoVision for a nonce fix.
  • If a patch is not immediately available, block or restrict UDP traffic to port 10001 using the device’s firewall settings or a network firewall so that only trusted hosts can reach the service.
  • Implement network segmentation so that the GV‑I/O Box 4E resides in a separate, isolated subnet with strict egress rules, reducing the probability that an internal attacker can reach the vulnerable UDP port.

Generated by OpenCVE AI on June 24, 2026 at 09:13 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 24 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 24 Jun 2026 05:00:00 +0000

Type Values Removed Values Added
Description GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with it. Upon receiving a UDP message, the server reads at most 1460 bytes into a local buffer and a pointer to the buffer is stored in a global variable: #### DNS field stack overflow The following code is vulnerable to a stack overflow that is attacker-controlled: v8 = strlen(g_network_config->dns_addr); memcpy(&reply_buf[248], g_network_config->dns_addr, v8);
Title GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command
First Time appeared Geovision Inc.
Geovision Inc. gv-i O Box 4e
Weaknesses CWE-121
CPEs cpe:2.3:a:geovision_inc.:gv-i_o_box_4e:v2.09:*:linux:*:*:*:*:*
cpe:2.3:a:geovision_inc.:gv-i_o_box_4e:v2.12:*:linux:*:*:*:*:*
Vendors & Products Geovision Inc.
Geovision Inc. gv-i O Box 4e
References
Metrics cvssV3_1

{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}


Subscriptions

Geovision Inc. Gv-i O Box 4e
cve-icon MITRE

Status: PUBLISHED

Assigner: GV

Published:

Updated: 2026-06-24T12:49:33.639Z

Reserved: 2026-06-22T00:26:58.083Z

Link: CVE-2026-12848

cve-icon Vulnrichment

Updated: 2026-06-24T12:48:55.415Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T15:45:06Z

Weaknesses
  • CWE-121

    Stack-based Buffer Overflow