CVE-2026-42370
Stack Overflow in GeoVision GV-VMS Login
Publication date: 2026-05-04
Last updated on: 2026-05-05
Assigner: 0df08a0e-a200-4957-9bb0-084f562506f9
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| geovision | gv-vms_firmware | < 21.0.0 (exclusive) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a stack overflow issue in the WebCam Server Login functionality of GeoVision GV-VMS version 20.0.2. It can be triggered by sending a specially crafted HTTP request.
An attacker can exploit this vulnerability without authentication by making such a request, which may lead to arbitrary code execution on the affected system.
How can this vulnerability impact me?
Exploitation of this vulnerability can allow an attacker to execute arbitrary code on the affected system.
- The attacker does not need to be authenticated to trigger the vulnerability.
- Successful exploitation can lead to full compromise of confidentiality, integrity, and availability of the system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The CVE-2026-42370 vulnerability allows unauthenticated arbitrary code execution via a stack overflow in the GeoVision GV-VMS WebCam Server Login functionality, which poses a high risk to confidentiality, integrity, and availability of the affected system.
While the provided context does not explicitly mention compliance with standards such as GDPR or HIPAA, vulnerabilities that enable unauthorized code execution and potential data breaches can negatively impact compliance with these regulations, which require protection of personal and sensitive data.
GeoVision maintains a structured cybersecurity policy with timely vulnerability management and updates, which supports adherence to recognized security standards and helps mitigate risks that could affect regulatory compliance.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for specially crafted unauthenticated HTTP requests targeting the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. Network intrusion detection systems (NIDS) or web application firewalls (WAF) can be configured to flag unusual or malformed HTTP requests to the login endpoint, in particular requests whose login fields are far longer than a legitimate credential would be.
Specific commands or signatures are not provided in the available resources. However, general detection methods include capturing HTTP traffic with tools such as tcpdump or Wireshark and analyzing it for suspicious login requests.
- Use tcpdump to capture HTTP traffic: `tcpdump -i <interface> -A 'tcp port 80 or 443'`
- Use Wireshark to filter HTTP requests to the GeoVision WebCam Server login endpoint.
- Deploy or update IDS/IPS signatures to detect exploitation attempts targeting this vulnerability.
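As an added illustration of the "suspicious login requests" check above (example code written here, not from the advisory or from GeoVision), the following Python snippet parses captured HTTP requests and flags login requests that carry oversized fields, the kind of input a CWE-787 stack overflow in a login handler would receive. The login path and the length threshold are assumptions to be replaced with values observed in your own deployment; the sample requests are constructed.

```python
from urllib.parse import parse_qsl

# ASSUMPTION: the advisory does not name the GV-VMS WebCam Server login path.
# Replace with the path seen in your own captures.
LOGIN_PATH = "/login"
# ASSUMPTION: heuristic threshold; legitimate usernames/passwords are far shorter.
MAX_FIELD_LEN = 256


def parse_http_request(raw: str) -> dict:
    """Split a raw HTTP/1.x request into method, path, headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, path, _ = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "path": path, "headers": headers, "body": body}


def find_oversized_login_fields(raw: str) -> list:
    """Return (field, length) pairs exceeding MAX_FIELD_LEN in a login request.

    Query-string parameters, form-body parameters and header values are all
    checked; requests to any other path return an empty list.
    """
    req = parse_http_request(raw)
    path, _, query = req["path"].partition("?")
    if path != LOGIN_PATH:
        return []
    suspects = []
    params = parse_qsl(query, keep_blank_values=True)
    params += parse_qsl(req["body"], keep_blank_values=True)
    for name, value in params:
        if len(value) > MAX_FIELD_LEN:
            suspects.append((name, len(value)))
    for name, value in req["headers"].items():
        if len(value) > MAX_FIELD_LEN:
            suspects.append((name, len(value)))
    return suspects


# Constructed sample requests (not real traffic).
BENIGN_LOGIN = ("POST /login HTTP/1.1\r\nHost: cam.example\r\n"
                "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
                "username=admin&password=s3cret")
OVERSIZED_LOGIN = ("POST /login HTTP/1.1\r\nHost: cam.example\r\n\r\n"
                   "username=" + "A" * 600 + "&password=x")
OTHER_PATH = "GET /status HTTP/1.1\r\nHost: cam.example\r\n\r\n"
```

Run the check over each request extracted from a tcpdump or Wireshark capture; a non-empty result is a candidate for the IDS/IPS alerting the answer above recommends.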
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying any available security updates or patches provided by GeoVision for GV-VMS V20 20.0.2. GeoVision follows a structured vulnerability management process and issues unscheduled updates for critical vulnerabilities such as this one.
If patches are not yet available, it is recommended to restrict network access to the affected WebCam Server login functionality, for example by limiting access to trusted networks or using firewall rules to block unauthenticated HTTP requests.
Additionally, monitoring and logging access attempts to detect exploitation attempts can help in early identification and response.