CVE-2024-6047

CRITICAL 9.8

⚠️ CISA KEV

GeoVision EOL device - OS Command Injection

CVSS Score

9.8

EPSS Score

0.0%

EPSS Percentile

0th

Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.

CWE	CWE-78
Vendor	geovision
Product	gv_dsp_lpr_v2
Published	Jun 17, 2024
Last Updated	Oct 21, 2025

⚠️ Actively Exploited — Act Now

Get instant alerts for geovision gv_dsp_lpr_v2

This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2024-6047.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

GeoVision / GV_DSP_LPR_V2

all

GeoVision / GV_IPCAMD_GV_BX1500

all

GeoVision / GV_IPCAMD_GV_CB220

all

GeoVision / GV_IPCAMD_GV_EBL1100

all

GeoVision / GV_IPCAMD_GV_EFD1100

all

GeoVision / GV_IPCAMD_GV_FD2410

all

GeoVision / GV_IPCAMD_GV_FD3400

all

GeoVision / GV_IPCAMD_GV_FE3401

all

GeoVision / GV_IPCAMD_GV_FE420

all

GeoVision / GV-VS14_VS14

all

GeoVision / GV_VS03

all

GeoVision / GV_VS2410

all

GeoVision / GV_VS28XX

all

GeoVision / GV_VS216XX

all

GeoVision / GV VS04A

all

GeoVision / GV VS04H

all

GeoVision / GVLX 4 V2

all

GeoVision / GVLX 4 V3

all

GeoVision / GV_IPCAMD_GV_BX130

all

GeoVision / GV_GM8186_VS14

all

References

NVD ↗ CVE.org ↗ EPSS Data ↗

twcert.org.tw: https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html twcert.org.tw: https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html akamai.com: https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnet cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-6047