CVE-2026-7372 - Vulnerability Details

- GeoVision GV-VMS V20 WebCam Server Login stack overflow vulnerability

Description

A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

#### Stack-overflow via unconstrained sscanf

The call to `sscanf` at [1] to split the `Buffer` variable into the `username` and `password` variables doesn't limit the size of the extracted content to match the destination buffers' sizes. In this case, if either the username or password decoded from the authorization string exceeds `40` characters (the size the stack variables `username` and `password`) then a stack overflow will occur.

The data is controlled by an attacker, but sronger constraints (e.g. no null bytes) may make exploitation harder. A successful attack could lead to full code execution as SYSTEM on the machine running the service.

Published: 2026-05-04

Score: 9 Critical

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

A stack overflow flaw in GeoVision GV‑VMS V20.0.2’s WebCam Server Login allows an unauthenticated attacker to send a crafted HTTP request that overflows internal buffers for the username and password fields. The overflow can be triggered when either field exceeds 40 characters, leading to memory corruption and potentially arbitrary code execution with SYSTEM privileges on the host running the service.

Affected Systems

The vulnerability affects GeoVision Inc.’s GV‑VMS V20.0.2 for Windows systems. Patch version 21.0.0 has been released to remediate the issue; only the 20.0.2 release is currently vulnerable.

Risk and Exploitability

With a CVSS score of 9, the flaw is high risk. EPSS data is not available, but the vulnerability is publicly documented and could be exploited through a simple unauthenticated HTTP request without additional credentials. It is not listed in CISA’s KEV catalog, yet the combination of a network vector and full SYSTEM execution still warrants urgent attention.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

GeoVision Inc.

GV-VMS V20.0.2

unaffected

Version	Status	Constraints
`20.0.2`	affected	—
`21.0.0`	unaffected	—

No data.

No data available yet.

Remediation

Vendor Solution

GeoVision GV-VMS version V21.0.0 has patched the reported vulnerability. User is recommended to download the update from GeoVision's offical website (https://www.geovision.com.tw/download/product/GV-VMS%20V20) or contact GeoVision Support team

OpenCVE Recommended Actions

Apply GeoVision GV-VMS version V21.0.0 to remediate the stack overflow.
If an immediate upgrade is impossible, isolate the affected server from public access or block all unauthenticated HTTP traffic to the WebCam Server endpoint.
Continuously monitor system logs for abnormal authentication attempts and signs of memory corruption or unexpected high privilege processes.

Generated by OpenCVE AI on May 4, 2026 at 02:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://talosintelligence.com/vulnerability_reports/
https://www.geovision.com.tw/cyber_security.php

History

Mon, 04 May 2026 01:15:00 +0000

Type	Values Removed	Values Added
Description		A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. #### Stack-overflow via unconstrained sscanf The call to `sscanf` at [1] to split the `Buffer` variable into the `username` and `password` variables doesn't limit the size of the extracted content to match the destination buffers' sizes. In this case, if either the username or password decoded from the authorization string exceeds `40` characters (the size the stack variables `username` and `password`) then a stack overflow will occur. The data is controlled by an attacker, but sronger constraints (e.g. no null bytes) may make exploitation harder. A successful attack could lead to full code execution as SYSTEM on the machine running the service.
Title		GeoVision GV-VMS V20 WebCam Server Login stack overflow vulnerability
First Time appeared		Geovision Inc. Geovision Inc. gv-vms V20.0.2
Weaknesses		CWE-787
CPEs		cpe:2.3:a:geovision_inc.:gv-vms_v20.0.2:20.0.2::windows::::: cpe:2.3:a:geovision_inc.:gv-vms_v20.0.2:21.0.0::windows:::::
Vendors & Products		Geovision Inc. Geovision Inc. gv-vms V20.0.2
References		https://talosintelligence.com/vulnerability_reports/ https://www.geovision.com.tw/cyber_security.php
Metrics		cvssV3_1 `{'score': 9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H'}`

Subscriptions

Geovision Inc. Gv-vms V20.0.2

MITRE

Status: PUBLISHED

Assigner: GV

Published: 2026-05-04T00:47:36.651Z

Updated: 2026-05-04T00:47:36.651Z

Reserved: 2026-04-28T23:12:55.269Z

Link: CVE-2026-7372

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-04T01:16:04.730

Modified: 2026-05-04T01:16:04.730

Link: CVE-2026-7372

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-04T03:00:11Z

Weaknesses

CWE-787

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object