CVE-2024-11120
Published: 15 November 2024
Summary
CVE-2024-11120 is a critical-severity OS Command Injection (CWE-78) vulnerability in Geovision Gvlx 4 Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 1.5% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SI-10 (Information Input Validation).
Deeper analysis
Certain EOL GeoVision devices contain an OS command injection vulnerability tracked as CVE-2024-11120 and assigned CWE-78. The flaw permits unauthenticated remote attackers to supply and execute arbitrary system commands, reflected in its CVSS 3.1 score of 9.8 with a network attack vector, no required credentials or user interaction, and full impact on confidentiality, integrity, and availability.
Attackers can reach affected devices directly over the network and obtain complete control by injecting operating-system commands. The vulnerability has already been exploited in the wild, with incident reports confirming active use against these end-of-life products.
TW-CERT advisories and the Akamai security research blog detail the issue and note its incorporation into Mirai-based IoT botnets, while CISA has added the CVE to its Known Exploited Vulnerabilities catalog. The associated EPSS score reached a peak of 0.6614 with no subsequent material change.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-33664
Vulnerability details
Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports.
- CWE(s): CWE-78 (OS Command Injection)
- KEV Date Added: 07 May 2025
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly requires validation of all input to block crafted payloads that produce OS command injection (CWE-78).
- SA-22 (Unsupported System Components): mandates replacement or isolation of unsupported EOL components whose lack of patches leaves the command-injection flaw permanently exposed.
- Boundary protection: network boundary-protection rules can block unauthenticated, network-reachable access to the vulnerable device interfaces before injection occurs.