Known Exploited Vulnerabilities CVE-2024-6047

Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to inject and execute arbitrary system commands. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue use of these products.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
| --- | --- | --- | --- | --- | --- |
| CVE-2024-6047 | GeoVision Devices OS Command Injection Vulnerability | exploitation_technique | T1055 | Process Injection | |
| CVE-2024-6047 | GeoVision Devices OS Command Injection Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter | |

Comments (identical for both mappings)
End-of-life GeoVision IoT devices contain improper input filtering, allowing for commands to be injected into the szSrvIpAddr parameter of the /DateSetting.cgi endpoint. Exploiting this vulnerability can allow remote code execution on the system.