CVE-2026-12485

CRITICAL 10.0

GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command

CVSS Score

10.0

EPSS Score

0.0%

EPSS Percentile

0th

GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with it. Upon receiving a UDP message, the server reads at most 1460 bytes into a local buffer and a pointer to the buffer is stored in a global variable: #### IP field stack overflow The following code is vulnerable to a stack overflow that is attacker-controlled: v3 = strlen(g_network_config->ip_addr); memcpy(&reply_buf[36], g_network_config->ip_addr, v3);

CWE	CWE-121
Vendor	geovision inc.
Product	gv-i/o box 4e
Published	Jun 24, 2026

Stay Ahead of the Next One

Get instant alerts for geovision inc. gv-i/o box 4e

Be the first to know when new critical vulnerabilities affecting geovision inc. gv-i/o box 4e are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

GeoVision Inc. / GV-I/O Box 4E

V2.09

References

NVD ↗ CVE.org ↗ EPSS Data ↗

geovision.com.tw: https://www.geovision.com.tw/cyber_security.php talosintelligence.com: https://talosintelligence.com/vulnerability_reports/TALOS-2026-2377

Credits

Philippe Laulheret of Cisco Talos Kelly Patterson of Cisco Talos Robert Sherwin of Cisco Talos