Skip to main content

GeoVision GV-VMS V20 CVE-2026-7372

| EUVDEUVD-2026-26864 CRITICAL
Out-of-bounds Write (CWE-787)
2026-05-04 GV
9.0
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.0 CRITICAL
AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 04, 2026 - 01:47 vuln.today
EUVD ID Assigned
May 04, 2026 - 01:15 euvd
EUVD-2026-26864
Analysis Generated
May 04, 2026 - 01:15 vuln.today
CVE Published
May 04, 2026 - 00:47 nvd
CRITICAL 9.0

DescriptionCVE.org

A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

Stack-overflow via unconstrained sscanf

The call to sscanf at [1] to split the Buffer variable into the username and password variables doesn't limit the size of the extracted content to match the destination buffers' sizes. In this case, if either the username or password decoded from the authorization string exceeds 40 characters (the size the stack variables username and password) then a stack overflow will occur.

The data is controlled by an attacker, but sronger constraints (e.g. no null bytes) may make exploitation harder. A successful attack could lead to full code execution as SYSTEM on the machine running the service.

AnalysisAI

Remote code execution in GeoVision GV-VMS V20 20.0.2 allows unauthenticated attackers to execute arbitrary code as SYSTEM via stack overflow in WebCam Server Login functionality. A specially crafted HTTP request with oversized username or password fields (exceeding 40 characters) triggers unconstrained sscanf buffer handling. CVSS 9.0 with high attack complexity reflects exploitation constraints (no null bytes allowed in payload), though network vector and lack of authentication requirements present significant risk. No active exploitation confirmed (not in CISA KEV); EPSS data unavailable for final risk assessment.

Technical ContextAI

This is a classic stack-based buffer overflow (CWE-787: Out-of-bounds Write) in the WebCam Server Login component of GeoVision GV-VMS V20 20.0.2. The vulnerability originates from unsafe use of sscanf() to parse HTTP Basic Authentication credentials. The code extracts username and password into fixed 40-byte stack buffers without bounds checking, allowing input exceeding this size to overflow adjacent stack memory. The affected product (cpe:2.3:a:geovision_inc.:gv-vms_v20.0.2) is a video management system commonly deployed in enterprise surveillance infrastructure. Stack overflows of this nature can overwrite return addresses and execute attacker-controlled code, though exploitation complexity increases due to constraints like null-byte restrictions in HTTP authentication strings and potential stack protections (ASLR, DEP, stack canaries).

RemediationAI

Apply the vendor-supplied security update immediately by consulting GeoVision's official cyber security advisory at https://www.geovision.com.tw/cyber_security.php for patch download and installation instructions. The advisory should specify the fixed version (likely 20.0.3 or later, though exact version not confirmed in available data). Until patching is complete, implement network segmentation to restrict WebCam Server Login interface access to trusted management networks only - block external access to the service port (typically TCP 80/443 for web-based VMS). Configure firewall rules or authentication gateways to require VPN access before reaching the vulnerable service. Note this workaround reduces attack surface but does not eliminate risk from internal threats or lateral movement scenarios. For environments where immediate patching is infeasible, consider temporarily disabling the WebCam Server Login feature if business operations permit, though this may impact remote camera management capabilities. Monitor authentication logs for unusual patterns (repeated failed logins with maximum-length credentials) as potential exploitation indicators. Verify patch application through version confirmation in GV-VMS interface post-update.

Share

CVE-2026-7372 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy