GeoVision GV-VMS V20 WebCam Server Login stack overflow vulnerability

9 / 10

CRITICAL

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Description

A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

AI Analysis

Stack overflow vulnerability in WebCam Server Login functionality allowing arbitrary code execution

Basic Information

ID CVE-2026-42370

Source GV

Published May 4, 2026 at 00:48

Affected Product

Vendor GeoVision Inc.

Product GV-VMS V20.0.2

Version 20.0.2

Affected Versions GeoVision Inc. GV-VMS V20.0.2 20.0.2

CWE Classification

CWE-787

AI Assessment

AI Score 9 / 10

AI Severity Critical

Vendor GeoVision Inc.

Product GV-VMS V20

Version 20.0.2

References

{
    "lastseen": "",
    "description": "A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.",
    "published": "2026-05-04T00:48:05.154Z",
    "modified": "2026-05-04T00:48:05.154Z",
    "type": "cve",
    "title": "GeoVision GV-VMS V20 WebCam Server Login stack overflow vulnerability",
    "source": "GV",
    "references": "https://www.geovision.com.tw/cyber_security.php\nhttps://talosintelligence.com/vulnerability_reports/",
    "id": "CVE-2026-42370",
    "bulletinFamily": "",
    "cwe": [
        "CWE-787"
    ],
    "cvelist": null,
    "sourceData": "GeoVision Inc. GV-VMS V20.0.2 20.0.2",
    "sourceHref": "",
    "cvss": {
        "score": 9,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "GV-VMS V20.0.2",
    "version": "20.0.2",
    "vendor": "GeoVision Inc.",
    "ai_description": "Stack overflow vulnerability in WebCam Server Login functionality allowing arbitrary code execution",
    "ai_severity": "Critical",
    "ai_vendor": "GeoVision Inc.",
    "ai_product": "GV-VMS V20",
    "ai_version": "20.0.2",
    "ai_score": 9
}

GeoVision GV-VMS V20 WebCam Server Login stack overflow vulnerability_CVE-2026-42370