CVE-2024-11120

Known Exploited Public Exploit

GeoVision EOL devices - OS Command Injection

Description

Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports.

Remediation

Solution:

The affected devices are no longer being maintained. It is recommended to replace them.

References

Link	Tags
https://www.twcert.org.tw/tw/cp-132-8236-d4836-1.html	third party advisory
https://www.twcert.org.tw/en/cp-139-8237-26d7a-2.html	third party advisory
https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnet	exploit third party advisory

Frequently Asked Questions

What is the severity of CVE-2024-11120?: CVE-2024-11120 has been scored as a critical severity vulnerability.
How to fix CVE-2024-11120?: To fix CVE-2024-11120: The affected devices are no longer being maintained. It is recommended to replace them.
Is CVE-2024-11120 being actively exploited in the wild?: It is confirmed that CVE-2024-11120 is actively exploited. Be extra cautious if you are using vulnerable components. According to its EPSS score, there is a ~55% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-11120?: CVE-2024-11120 affects GeoVision GV-VS12, GeoVision GV-VS11, GeoVision GV-DSP_LPR_V3, GeoVision GVLX 4 V2, GeoVision GVLX 4 V3.

Description

Remediation

Category

CWE-78 – Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

References

Frequently Asked Questions