10
/ 10
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Description
GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485.
DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with it.
Upon receiving a UDP message, the server reads at most 1460 bytes into a local buffer and a pointer to the buffer is stored in a global variable:
#### Gateway field stack overflow
The following code is vulnerable to a stack overflow that is attacker-controlled:
v7 = strlen(g_network_config->gateway);
memcpy(&reply_buf[216], g_network_config->gateway, v7);
DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with it.
Upon receiving a UDP message, the server reads at most 1460 bytes into a local buffer and a pointer to the buffer is stored in a global variable:
#### Gateway field stack overflow
The following code is vulnerable to a stack overflow that is attacker-controlled:
v7 = strlen(g_network_config->gateway);
memcpy(&reply_buf[216], g_network_config->gateway, v7);
AI Analysis
Buffer overflow vulnerability in DVRSearch service allows remote attackers to execute arbitrary code via UDP messages
Basic Information
ID
CVE-2026-12847
Source
GV
Published
Jun 24, 2026 at 03:34
Affected Product
Vendor
GeoVision Inc.
Product
GV-I/O Box 4E
Version
V2.09
Affected Versions
GeoVision Inc. GV-I/O Box 4E V2.09
CWE Classification
AI Assessment
AI Score
10 / 10
AI Severity
Critical
Vendor
GeoVision Inc.
Product
GV-I/O Box 4E
Version
V2.09