Description
A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

#### Stack-overflow via unconstrained sscanf

The call to `sscanf` at [1] to split the `Buffer` variable into the `username` and `password` variables doesn't limit the size of the extracted content to match the destination buffers' sizes. In this case, if either the username or password decoded from the authorization string exceeds `40` characters (the size the stack variables `username` and `password`) then a stack overflow will occur.



The data is controlled by an attacker, but sronger constraints (e.g. no null bytes) may make exploitation harder. A successful attack could lead to full code execution as SYSTEM on the machine running the service.
Published: 2026-05-04
Score: 9 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stack overflow flaw in GeoVision GV‑VMS V20.0.2’s WebCam Server Login allows an unauthenticated attacker to send a crafted HTTP request that overflows internal buffers for the username and password fields. The overflow can be triggered when either field exceeds 40 characters, leading to memory corruption and potentially arbitrary code execution with SYSTEM privileges on the host running the service.

Affected Systems

The vulnerability affects GeoVision Inc.’s GV‑VMS V20.0.2 for Windows systems. Patch version 21.0.0 has been released to remediate the issue; only the 20.0.2 release is currently vulnerable.

Risk and Exploitability

With a CVSS score of 9, the flaw is high risk. EPSS data is not available, but the vulnerability is publicly documented and could be exploited through a simple unauthenticated HTTP request without additional credentials. It is not listed in CISA’s KEV catalog, yet the combination of a network vector and full SYSTEM execution still warrants urgent attention.

Generated by OpenCVE AI on May 4, 2026 at 02:50 UTC.

Remediation

Vendor Solution

GeoVision GV-VMS version V20.1.0 has patched the reported vulnerability.  User is recommended to download the update from GeoVision's offical website (https://www.geovision.com.tw/download/product/GV-VMS%20V20) or contact GeoVision Support team For User currently running V20.0.2 may also visit the following link to download the V20.0.2.10 patch file that fixed the vulnerability.  https://php.gvdip.com/phpbb3/viewtopic.php?t=3326

OpenCVE Recommended Actions

  • Apply GeoVision GV-VMS version V21.0.0 to remediate the stack overflow.
  • If an immediate upgrade is impossible, isolate the affected server from public access or block all unauthenticated HTTP traffic to the WebCam Server endpoint.
  • Continuously monitor system logs for abnormal authentication attempts and signs of memory corruption or unexpected high privilege processes.

Generated by OpenCVE AI on May 4, 2026 at 02:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 15 May 2026 09:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:geovision_inc.:gv-vms_v20.0.2:21.0.0:*:windows:*:*:*:*:* cpe:2.3:a:geovision_inc.:gv-vms_v20.0.2:20.0.2.10:*:windows:*:*:*:*:*
cpe:2.3:a:geovision_inc.:gv-vms_v20.0.2:20.1.0.0:*:windows:*:*:*:*:*

Tue, 05 May 2026 04:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 05 May 2026 02:45:00 +0000

Type Values Removed Values Added
First Time appeared Geovision gv-vms Firmware
CPEs cpe:2.3:h:geovision:gv-vms:20:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-vms_firmware:*:*:*:*:*:*:*:*
Vendors & Products Geovision gv-vms Firmware

Mon, 04 May 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Geovision
Geovision gv-vms
Vendors & Products Geovision
Geovision gv-vms

Mon, 04 May 2026 01:15:00 +0000

Type Values Removed Values Added
Description A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. #### Stack-overflow via unconstrained sscanf The call to `sscanf` at [1] to split the `Buffer` variable into the `username` and `password` variables doesn't limit the size of the extracted content to match the destination buffers' sizes. In this case, if either the username or password decoded from the authorization string exceeds `40` characters (the size the stack variables `username` and `password`) then a stack overflow will occur. The data is controlled by an attacker, but sronger constraints (e.g. no null bytes) may make exploitation harder. A successful attack could lead to full code execution as SYSTEM on the machine running the service.
Title GeoVision GV-VMS V20 WebCam Server Login stack overflow vulnerability
First Time appeared Geovision Inc.
Geovision Inc. gv-vms V20.0.2
Weaknesses CWE-787
CPEs cpe:2.3:a:geovision_inc.:gv-vms_v20.0.2:20.0.2:*:windows:*:*:*:*:*
cpe:2.3:a:geovision_inc.:gv-vms_v20.0.2:21.0.0:*:windows:*:*:*:*:*
Vendors & Products Geovision Inc.
Geovision Inc. gv-vms V20.0.2
References
Metrics cvssV3_1

{'score': 9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H'}

Subscriptions

Geovision Gv-vms Gv-vms Firmware
Geovision Inc. Gv-vms V20.0.2
cve-icon MITRE

Status: PUBLISHED

Assigner: GV

Published:

Updated: 2026-05-15T07:45:38.690Z

Reserved: 2026-04-28T23:12:55.269Z

Link: CVE-2026-7372

cve-icon Vulnrichment

Updated: 2026-05-04T12:52:38.113Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-04T01:16:04.730

Modified: 2026-05-05T02:38:55.450

Link: CVE-2026-7372

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-04T19:44:16Z

Weaknesses