Description
A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.
Published: 2026-05-04
Score: 9 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV‑VMS V20.0.2. A specially crafted HTTP request can trigger a buffer overflow that allows an attacker to execute arbitrary code. The vulnerability can be exploited without authentication and offers a high‑impact avenue for compromising the affected system.

Affected Systems

Vendor GeoVision Inc. offers the GV‑VMS V20.0.2 product. The known affected version is 20.0.2. GeoVision has released an update, GV‑VMS V21.0.0, that patches the vulnerability.

Risk and Exploitability

The CVSS score of 9 indicates critical severity. EPSS data is not available, but the flaw is remotely exploitable via an unauthenticated HTTP request and is not listed in the CISA KEV catalog. Attackers can leverage the stack overflow to execute arbitrary code, potentially compromising system confidentiality, integrity, and availability.

Generated by OpenCVE AI on May 4, 2026 at 02:20 UTC.

Remediation

Vendor Solution

GeoVision GV-VMS version V21.0.0 has patched the reported vulnerability.  User is recommended to download the update from GeoVision's offical website (https://www.geovision.com.tw/download/product/GV-VMS%20V20) or contact GeoVision Support team

OpenCVE Recommended Actions

  • Upgrade GeoVision GV‑VMS to version 21.0.0 or later.
  • If an upgrade is not immediately possible, contact GeoVision Support for further guidance and apply any interim vendor‑provided mitigations.
  • Implement network controls to restrict unauthenticated access to the WebCam Server Login endpoint, such as firewall rules or reverse proxy authentication, until a patch is applied.

Generated by OpenCVE AI on May 4, 2026 at 02:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 04 May 2026 01:15:00 +0000

Type Values Removed Values Added
Description A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.
Title GeoVision GV-VMS V20 WebCam Server Login stack overflow vulnerability
First Time appeared Geovision Inc.
Geovision Inc. gv-vms V20.0.2
Weaknesses CWE-787
CPEs cpe:2.3:a:geovision_inc.:gv-vms_v20.0.2:20.0.2:*:windows:*:*:*:*:*
cpe:2.3:a:geovision_inc.:gv-vms_v20.0.2:21.0.0:*:windows:*:*:*:*:*
Vendors & Products Geovision Inc.
Geovision Inc. gv-vms V20.0.2
References
Metrics cvssV3_1

{'score': 9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H'}

Subscriptions

Geovision Inc. Gv-vms V20.0.2
cve-icon MITRE

Status: PUBLISHED

Assigner: GV

Published:

Updated: 2026-05-04T00:48:05.154Z

Reserved: 2026-04-26T23:39:08.350Z

Link: CVE-2026-42370

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-04T01:16:04.310

Modified: 2026-05-04T01:16:04.310

Link: CVE-2026-42370

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-04T02:30:34Z

Weaknesses