Severity by source
AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Network-reachable but gated by AC:H and UI:R with no auth (PR:N); the 'Information Disclosure' tag plus an OOB-index read supports C:H and a possible crash (A:L), with no evidence of an integrity write (I:N).
Primary rating from Vendor (GV).
CVSS VectorVendor: GV
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly.
pause command index-out-of-bound
AnalysisAI
Out-of-bounds array indexing in GeoVision's GeoWebPlayer addon (also branded 'Web Plugin' in GV-VMS and 'WS Player' in VMS-Cloud) allows a remote attacker to leak memory or crash the local WebSocket service by delivering a malformed 'pause' command. The addon runs a WebSocket server that backs the browser interfaces of GeoVision products such as GV-VMS and GV-Cloud, so any browser tricked into connecting to it can trigger the flaw. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the GeoWebPlayer addon (a.k.a. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The vendor CVSS 3.1 vector (AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H, base 8.3) marks this as network-reachable and unauthenticated but gated by high attack complexity and required user interaction, with a scope change reflecting that a web-origin attacker crosses into the separate WebSocket process. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker crafts a malicious web page that, when opened by a victim on a host running GeoWebPlayer, silently opens a WebSocket connection to the local GeoWebPlayer server and issues a 'pause' command carrying an out-of-bounds array index. The resulting out-of-range memory access leaks process memory back to the attacker or crashes the service, denying the GeoVision web interface. … |
| Remediation | Patch available per vendor advisory - consult the GeoVision cyber security page (https://www.geovision.com.tw/cyber_security.php) and TALOS-2026-2373 (https://talosintelligence.com/vulnerability_reports/TALOS-2026-2373) for the fixed GeoWebPlayer build, as no exact fixed version is present in the provided data. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all GeoVision GV-VMS, GV-Cloud, and GeoWebPlayer installations and restrict WebSocket access via firewall to administrative networks only. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Geowebplayer
View allMissing authentication in GeoVision's GeoWebPlayer addon (also branded 'Web Plugin' in GV-VMS and 'WS Player' in VMS-Clo
Remote code execution in GeoVision GeoWebPlayer (the browser-facing 'Web Plugin'/'WS Player' addon bundled with GV-VMS,
Cross-site WebSocket-driven buffer overflow in GeoVision GeoWebPlayer (the 'Web Plugin'/'WS Player' addon bundled with G
Buffer overflow vulnerabilities in GeoVision's GeoWebPlayer WebSocket addon (CWE-120) allow a remote attacker to induce
Remote code execution in GeoVision GeoWebPlayer (the "Web Plugin"/"WS Player" addon bundled with GV-VMS, GV-Cloud and VM
Out-of-bounds array access in GeoVision's GeoWebPlayer addon (also branded 'Web Plugin' in GV-VMS and 'WS Player' in VMS
Buffer overflow in GeoVision's GeoWebPlayer addon (also branded "Web Plugin" in GV-VMS and "WS Player" in VMS-Cloud) all
Stack buffer overflow in GeoVision's GeoWebPlayer addon (also branded "Web Plugin" for GV-VMS and "WS Player" for VMS-Cl
Out-of-bounds array access in GeoVision's GeoWebPlayer add-on (also branded 'Web Plugin' for GV-VMS and 'WS Player' for
Out-of-bounds array access in GeoVision's GeoWebPlayer (a.k.a. 'Web Plugin' / 'WS Player') addon lets an attacker read m
Out-of-bounds array access in GeoVision GeoWebPlayer (a.k.a. "Web Plugin"/"WS Player"), a websocket-server addon bundled
Out-of-bounds array access in GeoVision's GeoWebPlayer (the 'Web Plugin'/'WS Player' addon bundled with GV-VMS, GV-Cloud
Same weakness CWE-129 – Improper Validation of Array Index
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41233
GHSA-ggj6-4g5f-g778