Cyber Resilience

CVE-2024-6047

Critical · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC · RCE

Published: 17 June 2024
Modified: 30 October 2025
KEV Added: 07 May 2025
CVSS v3.1 Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.7297 (98.8th percentile)
Risk Priority: 83 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-6047 is a critical-severity OS Command Injection (CWE-78) vulnerability in Geovision Gvlx 4. Its CVSS base score is 9.8 (Critical).

Operationally, it ranks in the top 1.2% of CVEs by exploit likelihood (EPSS); CISA has added it to the Known Exploited Vulnerabilities catalog; and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SA-22 (Unsupported System Components) and SI-10 (Information Input Validation).

Deeper analysis

Certain EOL GeoVision devices are affected by an OS command injection vulnerability (CWE-78) because they fail to properly filter user input for specific functionality. The flaw carries a CVSS score of 9.8 and permits unauthenticated remote code execution with full system impact.

Unauthenticated remote attackers can exploit the issue over the network to inject and execute arbitrary system commands on the device without requiring credentials or user interaction.

TW-CERT advisories address the vulnerability in the referenced publications, while an Akamai report documents active exploitation of the affected GeoVision devices in the Mirai IoT botnet. The associated EPSS score has remained high, with a current value of 0.7297 and a peak of 0.7335.

Vulnerability details

Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.

CWE(s): CWE-78 (OS Command Injection)
KEV Date Added: 07 May 2025

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

- geovision gv-dsp lpr firmware (all versions)
- geovision gv-bx130 firmware (all versions)
- geovision gv-bx1500 firmware (all versions)
- geovision gv-cb220 firmware (all versions)
- geovision gv-ebl1100 firmware (all versions)
- geovision gv-efd1100 firmware (all versions)
- geovision gv-fd2410 firmware (all versions)
- geovision gv-fd3400 firmware (all versions)
- geovision gv-fe3401 firmware (all versions)
- geovision gv-fe420 firmware (all versions)
- +10 more product configuration(s), see NVD for the full list

Mitigating Controls (NIST 800-53 r5)

- SI-10 (Information Input Validation), prevent: Directly requires validation and sanitization of untrusted input, which would block the unsanitized user input that enables the OS command injection.

- SA-22 (Unsupported System Components), prevent: Mandates controls for unsupported/EOL components (replacement, isolation, or additional protections) precisely because these GeoVision devices receive no patches.

- Access enforcement, prevent: Enforces access-control decisions so that unauthenticated remote actors cannot reach the vulnerable command-execution functionality.