PT-2026-36741 · Geovision · Gv-Vms V20

Kelly Patterson

Published: 2026-05-04

Updated: 2026-05-04

CVE-2026-7372

CVSS v3.1: 9.0 (Critical)

Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

GeoVision GV-VMS V20 version 20.0.2

Description

A stack overflow exists in the WebCam Server Login functionality. An unauthenticated attacker can send a specially crafted HTTP request to trigger the issue, potentially leading to arbitrary code execution with SYSTEM privileges. The flaw occurs because the sscanf() function is used to split the Buffer variable into username and password variables without limiting the size of the extracted content. If either the username or password decoded from the authorization string exceeds 40 characters, a stack overflow occurs.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
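
The flaw described above comes from splitting the decoded authorization string with sscanf() and no field widths. The following is an added example, not GeoVision's code: a bounded split in C that rejects oversized fields instead of truncating them. It assumes the decoded string has the form user:pass and that each field may hold at most 40 characters; split_credentials and CRED_MAX are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

#define CRED_MAX 40 /* assumption: longest accepted field, from the advisory's 40-character limit */

/*
 * Unbounded split of the kind the advisory describes (illustrative only):
 *     sscanf(decoded, "%[^:]:%s", user, pass);
 * Neither conversion has a field width, so a long field writes past its buffer.
 */

/* Split "user:pass" into fixed-size buffers.
 * Returns 0 on success, -1 if a field is missing, empty, or longer than CRED_MAX. */
int split_credentials(const char *decoded,
                      char user[CRED_MAX + 1], char pass[CRED_MAX + 1])
{
    int consumed = 0;

    /* The widths (40) must match CRED_MAX: each conversion stores at most 40
     * bytes plus the terminator. %n records how far the scan got, so input
     * with leftover bytes is rejected rather than silently truncated. */
    int fields = sscanf(decoded, "%40[^:]:%40[^\n]%n", user, pass, &consumed);
    if (fields != 2 || decoded[consumed] != '\0') {
        user[0] = '\0';
        pass[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample inputs, not captured traffic. */
    char oversized[CRED_MAX + 8];
    memset(oversized, 'A', CRED_MAX + 1);        /* 41-character username */
    strcpy(oversized + CRED_MAX + 1, ":pw");

    const char *samples[] = { "operator:s3cret", oversized, "nocolon" };
    char user[CRED_MAX + 1], pass[CRED_MAX + 1];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = split_credentials(samples[i], user, pass);
        printf("%-12.12s... -> %s\n", samples[i], rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```
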

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2026-7372

Affected Products

Gv-Vms V20