Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Unauthenticated single HTTP request over the network triggers stack overflow RCE in a service process, giving full host compromise - AV:N/AC:L/PR:N/UI:N with C/I/A:H, scope unchanged.
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
8DescriptionNVD
A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.
AnalysisAI
Remote code execution in GeoVision GV-VMS V20 (version 20.0.2) allows unauthenticated attackers to corrupt stack memory via a crafted HTTP request to the WebCam Server Login functionality, leading to arbitrary code execution on the video management system. The flaw is a CWE-787 out-of-bounds write (stack buffer overflow) carrying a CVSS 9.8 score, and no public exploit identified at time of analysis, though Talos has published a vulnerability report (TALOS-2026-2369). EPSS is currently low at 0.12%, but the unauthenticated network attack surface on a video surveillance product makes this a high-priority patching target.
Technical ContextAI
GeoVision GV-VMS is a Windows-based Video Management System used to aggregate, view, and record streams from IP cameras and DVRs in commercial and industrial surveillance deployments (CPE: cpe:2.3:a:geovision_inc.:gv-vms_v20.0.2). The vulnerability sits in the WebCam Server component's Login handler, which exposes an HTTP interface intended for remote camera/operator access. CWE-787 (Out-of-bounds Write) on the stack typically indicates that an oversized or attacker-controlled length field in the login request is copied into a fixed-size stack buffer without bounds checking, overwriting the saved return address or adjacent control data and enabling hijack of execution flow - classic memory-corruption RCE territory on a native C/C++ server process.
RemediationAI
No vendor-released patch identified at time of analysis in the supplied data; consult the GeoVision security advisory page (https://www.geovision.com.tw/cyber_security.php) and the Talos report (https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2369) for a fixed build of GV-VMS V20, and upgrade once available. In the interim, restrict the WebCam Server HTTP interface to a management VLAN or VPN and block its listening port at the perimeter firewall so it is unreachable from untrusted networks (trade-off: legitimate remote camera operators must use the VPN); place the GV-VMS host behind a reverse proxy or WAF that enforces strict size limits on Login request fields to blunt the stack overflow (trade-off: may break overly long legitimate credentials and adds an inline failure point); and if the WebCam Server feature is not in use, disable it in the GV-VMS configuration to remove the vulnerable code path entirely (trade-off: loses remote browser-based camera viewing).
More in Gv Vms V20 0 2
View allRemote unauthenticated code execution in GeoVision GV-VMS V20 WebCam Server allows attackers to execute arbitrary code a
Remote code execution in GeoVision GV-VMS V20 20.0.2 allows unauthenticated attackers to execute arbitrary code as SYSTE
Same weakness CWE-787 – Out-of-bounds Write
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26861