Cyber Resilience

CVE-2026-7372

Critical

Published: 04 May 2026

Published
04 May 2026
Modified
05 May 2026
KEV Added
Patch
CVSS Score v3.1 9.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0046 36.9th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2026-7372 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Geovision Gv-Vms Firmware. Its CVSS base score is 9.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 36.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2026-7372 is a stack overflow vulnerability in the WebCam Server Login functionality of GeoVision GV-VMS V20 version 20.0.2. The issue stems from an unconstrained call to sscanf that parses the Buffer variable into username and password stack variables without limiting the extracted content to the 40-character size of those buffers. A specially crafted HTTP request can trigger the overflow, enabling arbitrary code execution, and is classified under CWE-787 with a CVSS v3.1 score of 9.0 (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).

An unauthenticated remote attacker can exploit this vulnerability by sending a malicious HTTP request containing an overly long username or password in the authorization string, exceeding the 40-character buffer limits and causing a stack overflow. While attacker-controlled data enables the overflow, exploitation may be complicated by constraints such as the absence of null bytes. Successful exploitation leads to full arbitrary code execution with SYSTEM privileges on the host running the service.

For mitigation details, refer to advisories from Talos Intelligence at https://talosintelligence.com/vulnerability_reports/ and GeoVision's cyber security page at https://www.geovision.com.tw/cyber_security.php.

EU & UK References

Vulnerability details

A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.…

more

#### Stack-overflow via unconstrained sscanf The call to `sscanf` at [1] to split the `Buffer` variable into the `username` and `password` variables doesn't limit the size of the extracted content to match the destination buffers' sizes. In this case, if either the username or password decoded from the authorization string exceeds `40` characters (the size the stack variables `username` and `password`) then a stack overflow will occur. The data is controlled by an attacker, but sronger constraints (e.g. no null bytes) may make exploitation harder. A successful attack could lead to full code execution as SYSTEM on the machine running the service.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Stack overflow in unauthenticated WebCam Server Login (HTTP) directly enables remote exploitation of a public-facing application for arbitrary code execution as SYSTEM.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-42370Same product: Geovision Gv-Vms
CVE-2025-27807Shared CWE-787
CVE-2024-48856Shared CWE-787
CVE-2025-14234Shared CWE-787
CVE-2018-25223Shared CWE-787
CVE-2018-25154Shared CWE-787
CVE-2024-57704Shared CWE-787
CVE-2025-29384Shared CWE-787
CVE-2024-12648Shared CWE-787
CVE-2025-30276Shared CWE-787

Affected Assets

geovision
gv-vms firmware
≤ 21.0.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of HTTP authorization string inputs to limit username and password lengths to 40 characters, preventing the unconstrained sscanf from causing stack overflow.

prevent

Implements runtime memory protections like stack canaries, ASLR, and DEP to block exploitation of the stack buffer overflow even if input validation fails.

prevent

Mandates identification, prioritization, and remediation of the specific stack overflow flaw in GeoVision GV-VMS via patching or upgrades to eliminate the vulnerability.

References