Description
A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.
Published: 2026-05-04
Score: 9 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV‑VMS V20.0.2. A specially crafted HTTP request can trigger a buffer overflow that allows an attacker to execute arbitrary code. The vulnerability can be exploited without authentication and offers a high‑impact avenue for compromising the affected system.

Affected Systems

Vendor GeoVision Inc. offers the GV‑VMS V20.0.2 product. The known affected version is 20.0.2. GeoVision has released an update, GV‑VMS V21.0.0, that patches the vulnerability.

Risk and Exploitability

The CVSS score of 9 indicates critical severity. EPSS data is not available, but the flaw is remotely exploitable via an unauthenticated HTTP request and is not listed in the CISA KEV catalog. Attackers can leverage the stack overflow to execute arbitrary code, potentially compromising system confidentiality, integrity, and availability.

Generated by OpenCVE AI on May 4, 2026 at 02:20 UTC.

Remediation

Vendor Solution

GeoVision GV-VMS version V20.1.0 has patched the reported vulnerability. Users are recommended to download the update from GeoVision's official website (https://www.geovision.com.tw/download/product/GV-VMS%20V20) or contact the GeoVision Support team. Users currently running V20.0.2 may also visit the following link to download the V20.0.2.10 patch file that fixes the vulnerability: https://php.gvdip.com/phpbb3/viewtopic.php?t=3326


OpenCVE Recommended Actions

  • Upgrade GeoVision GV‑VMS to version 21.0.0 or later.
  • If an upgrade is not immediately possible, contact GeoVision Support for further guidance and apply any interim vendor‑provided mitigations.
  • Implement network controls to restrict unauthenticated access to the WebCam Server Login endpoint, such as firewall rules or reverse proxy authentication, until a patch is applied.

Advisories

No advisories yet.

History

Fri, 15 May 2026 09:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:geovision_inc.:gv-vms_v20.0.2:20.0.2.10:*:windows:*:*:*:*:*

Tue, 12 May 2026 02:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:geovision_inc.:gv-vms_v20.0.2:21.0.0:*:windows:*:*:*:*:* cpe:2.3:a:geovision_inc.:gv-vms_v20.0.2:20.1.0:*:windows:*:*:*:*:*

Tue, 05 May 2026 02:45:00 +0000

Type Values Removed Values Added
First Time appeared Geovision gv-vms Firmware
CPEs cpe:2.3:h:geovision:gv-vms:20:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-vms_firmware:*:*:*:*:*:*:*:*
Vendors & Products Geovision gv-vms Firmware

Mon, 04 May 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Geovision
Geovision gv-vms
Vendors & Products Geovision
Geovision gv-vms

Mon, 04 May 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 04 May 2026 01:15:00 +0000

Type Values Removed Values Added
Description A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.
Title GeoVision GV-VMS V20 WebCam Server Login stack overflow vulnerability
First Time appeared Geovision Inc.
Geovision Inc. gv-vms V20.0.2
Weaknesses CWE-787
CPEs cpe:2.3:a:geovision_inc.:gv-vms_v20.0.2:20.0.2:*:windows:*:*:*:*:*
cpe:2.3:a:geovision_inc.:gv-vms_v20.0.2:21.0.0:*:windows:*:*:*:*:*
Vendors & Products Geovision Inc.
Geovision Inc. gv-vms V20.0.2
References
Metrics cvssV3_1

{'score': 9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: GV

Published:

Updated: 2026-05-15T07:45:17.269Z

Reserved: 2026-04-26T23:39:08.350Z

Link: CVE-2026-42370

Vulnrichment

Updated: 2026-05-04T12:54:16.472Z

NVD

Status: Analyzed

Published: 2026-05-04T01:16:04.310

Modified: 2026-05-05T02:42:39.910

Link: CVE-2026-42370

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-04T19:44:15Z

Weaknesses