CVE-2024-11120

Name of the Vulnerable Software and Affected Versions GeoVision GV-VS12 (affected versions not specified) GeoVision GV-VS11 (affected versions not specified) GeoVision GV-DSP LPR V3 (affected versions not specified) GeoVision GVLX 4 V2 (affected versions not specified) GeoVision GVLX 4 V3 (affected versions not specified)

Description Certain end-of-life (EOL) devices contain an OS Command Injection flaw, which occurs due to the improper neutralization of special elements used in operating system commands. This allows unauthenticated remote attackers to inject and execute arbitrary system commands on the device by sending specially crafted network requests. Approximately 17,000 devices worldwide are estimated to be vulnerable. This issue has been actively exploited by a sophisticated botnet, similar to Mirai, to compromise devices for DDoS attacks and cryptocurrency mining. Signs of infection include device overheating and decreased performance.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.