Severity by source
AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:H
Server impersonation requires MitM network positioning (AC:H) but no privileges on the target (PR:N); impact is confirmed DoS only, with no confidentiality or integrity effect described.
Primary rating from Vendor (GV).
CVSS VectorVendor: GV
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
A memory corruption vulnerability exists in the GV-Cloud functionality of GeoVision GV-VMS V20 20.0.2.
A specially crafted network request can lead to a denial of service. An attacker can impersonate the legitimate server to trigger this vulnerability.
AnalysisAI
Stack-based buffer overflow (CWE-121) in the GV-Cloud component of GeoVision GV-VMS V20 20.0.2 enables a remote attacker with a network-intercept position to crash the video management system, causing high-impact denial of service against physical security infrastructure. Exploitation requires impersonating the legitimate GV-Cloud server - achieved via MitM techniques - and delivering a specially crafted network payload that corrupts stack memory in the GV-Cloud client handler. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to occupy a network-intercept position capable of impersonating the GeoVision GV-Cloud server - specifically achievable through ARP spoofing on the same LAN segment as the GV-VMS host, DNS cache poisoning targeting the cloud server hostname, BGP-level route injection, or deployment of a rogue access point. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The vendor-assigned CVSS 3.1 score of 6.2 (Medium) reflects genuinely constrained attack conditions: AV:N confirms the attack is network-reachable, but AC:H (attacker must successfully impersonate the cloud server) materially limits the realistic attacker pool to those capable of DNS poisoning, ARP spoofing, rogue-AP deployment, or network-path hijacking. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker positioned on the network path between a GV-VMS host and the GeoVision cloud endpoint - via ARP poisoning on a shared LAN segment, DNS hijacking, or rogue Wi-Fi access point - intercepts an outbound cloud connection initiated by the VMS software. The attacker responds with a specially crafted network payload that exceeds the stack buffer allocated for server response handling, corrupting the call stack and crashing the GV-VMS process. … |
| Remediation | Consult the GeoVision security advisory at https://www.geovision.com.tw/cyber_security.php for the specific patched GV-VMS release - no exact fixed version number is independently confirmed in the available intelligence, so the advisory page must be checked directly. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38645
GHSA-7j74-f2vx-3rfg