Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to inject and execute arbitrary system commands. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2024-11120 | GeoVision Devices OS Command Injection Vulnerability | exploitation_technique | T1133 | External Remote Services | Specific end-of-life GeoVision IoT devices contain an insufficient input validation vulnerability that allows for unauthenticated attackers to inject arbitrary commands and execute them on the system. |
| CVE-2024-11120 | GeoVision Devices OS Command Injection Vulnerability | exploitation_technique | T1203 | Exploitation for Client Execution | Specific end-of-life GeoVision IoT devices contain an insufficient input validation vulnerability that allows for unauthenticated attackers to inject arbitrary commands and execute them on the system. |
| CVE-2024-11120 | GeoVision Devices OS Command Injection Vulnerability | primary_impact | T1498 | Network Denial of Service | Specific end-of-life GeoVision IoT devices contain an insufficient input validation vulnerability that allows for unauthenticated attackers to inject arbitrary commands and execute them on the system. This leads to denial of service. |