Tag

#GV-I/O Box 4E

blogCRITICAL 10.0

Understanding and Defending Against CVE-2026-12848: A Critical Stack Overflow Vulnerability in GV-I/O Box 4E

This educational analysis delves into CVE-2026-12848, a critical stack overflow vulnerability with a CVSS score of 10, affecting GeoVision's GV-I/O Box 4E. The vulnerability resides in the DVRSearch service, which listens for UDP messages on port 10001. We will explore the root cause, attack surface, exploitation mechanics, real-world impact, and defensive strategies to mitigate this threat.

1 source
newsCRITICAL 10.0

Critical Stack Overflow Vulnerability in GeoVision GV-I/O Box 4E (CVE-2026-12846)

A critical stack overflow vulnerability (CVE-2026-12846) with a CVSS score of 10 has been discovered in GeoVision GV-I/O Box 4E, a smart embedded device. The vulnerability affects version V2.09 and can be exploited by sending a crafted UDP message to the DVRSearch service listening on port 10001. Immediate action is required to update to a non-vulnerable version.

1 source
articleCRITICAL 10.0

Critical Stack Overflow Vulnerability in GeoVision GV-I/O Box 4E (CVE-2026-12485)

A critical stack overflow vulnerability (CVE-2026-12485) with a CVSS score of 10 has been discovered in GeoVision's GV-I/O Box 4E, a smart embedded device used for input and output control over Ethernet and RS-485. The vulnerability exists in the DVRSearch service, which listens for UDP messages on port 10001, allowing any network user to interact with it. Successful exploitation could lead to remote code execution, high impact on confidentiality, integrity, and availability. Affected versions include V2.09, and the vendor has released a patched version v2.12.

1 source