Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Unauthenticated UDP service on the network with a trivially triggered stack overflow yielding code execution that crosses from the service to the device OS, justifying S:C and full C/I/A:H.
Primary rating from Vendor (GV).
CVSS VectorVendor: GV
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485.
DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with it.
Upon receiving a UDP message, the server reads at most 1460 bytes into a local buffer and a pointer to the buffer is stored in a global variable:
Gateway field stack overflow
The following code is vulnerable to a stack overflow that is attacker-controlled:
v7 = strlen(g_network_config->gateway);
memcpy(&reply_buf[216], g_network_config->gateway, v7);
AnalysisAI
Stack-based buffer overflow in the GeoVision GV-I/O Box 4E DVRSearch service allows unauthenticated network attackers to corrupt memory by sending a crafted UDP datagram to port 10001. The flaw stems from an unchecked memcpy of the device's configured gateway field into a fixed-offset reply buffer, enabling code execution on the embedded device with no public exploit identified at time of analysis.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | DVRSearch must be running (it is on by default on UDP/10001) and the attacker must have network reachability to that port on the GV-I/O Box 4E, plus the ability to influence the device's stored gateway field (the value copied into the stack buffer) - typically achievable by any user on the same network segment per the description. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | All signals converge on maximum severity: CVSS 10.0 with AV:N/AC:L/PR:N/UI:N/S:C and full C/I/A impact describes pre-authentication remote code execution against a network-exposed UDP service with scope change, consistent with a classic embedded stack smash. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker on the same broadcast domain as the GV-I/O Box 4E first manipulates the device's gateway configuration to contain a long malicious string, then sends a single UDP discovery packet to port 10001. The DVRSearch handler executes the vulnerable memcpy when assembling its reply, overwriting the saved return address on the stack and redirecting execution to attacker shellcode resident on the embedded controller. … |
| Remediation | No vendor-released patch identified at time of analysis; monitor the GeoVision cybersecurity page at https://www.geovision.com.tw/cyber_security.php and TALOS-2026-2377 at https://talosintelligence.com/vulnerability_reports/TALOS-2026-2377 for firmware updates and apply the fixed image as soon as it is published. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify and inventory all GeoVision GV-I/O Box 4E devices in the network; implement firewall ACLs to restrict UDP port 10001 access to only trusted administrative networks. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Gv I O Box 4E
View allStack-based buffer overflow in GeoVision GV-I/O Box 4E embedded I/O controllers allows unauthenticated network attackers
Remote unauthenticated stack-based buffer overflow in GeoVision GV-I/O Box 4E smart I/O appliances allows any host on th
Stack-based buffer overflow in GeoVision GV-I/O Box 4E allows unauthenticated remote attackers to overflow a fixed-size
OS command injection in GeoVision GV-I/O Box 4E firmware 2.09 allows authenticated remote attackers to execute arbitrary
OS command injection in GeoVision GV-I/O Box 4E firmware 2.09 allows remote attackers with high privileges to execute ar
Remote OS command injection in GeoVision GV-I/O Box 4E firmware 2.09 allows attackers with high privileges to execute ar
OS command injection in GeoVision GV-I/O Box 4E firmware 2.09 allows attackers who can reach the device's network servic
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Stack Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38648
GHSA-6hhf-75q4-5pc2