CVE-2026-7372
Stack Overflow in GeoVision GV-VMS Login
Publication date: 2026-05-04
Last updated on: 2026-05-05
Assigner: 0df08a0e-a200-4957-9bb0-084f562506f9
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| geovision | gv-vms_firmware | to 21.0.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not explicitly address how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
This vulnerability is a stack overflow in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. It occurs because the sscanf function used to split the authorization string into username and password does not limit the size of the extracted content to the size of the destination buffers. If the username or password exceeds 40 characters, it causes a stack overflow.
An attacker can send a specially crafted unauthenticated HTTP request to trigger this vulnerability, potentially leading to arbitrary code execution with SYSTEM privileges on the affected machine.
How can this vulnerability impact me? :
This vulnerability can have severe impacts as it allows an unauthenticated attacker to execute arbitrary code on the affected system with SYSTEM-level privileges.
Successful exploitation could lead to full control over the machine running the GeoVision GV-VMS service, potentially compromising confidentiality, integrity, and availability of the system and its data.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for specially crafted unauthenticated HTTP requests targeting the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. Specifically, requests containing authorization strings where the username or password fields exceed 40 characters may indicate an attempt to exploit the stack overflow.
Network detection can involve capturing HTTP traffic and inspecting Authorization headers for unusually long username or password fields.
Example commands to detect such attempts could include using packet capture tools like tcpdump or Wireshark to filter HTTP requests to the vulnerable service, for example:
- tcpdump -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep -i Authorization
- Using Wireshark, apply a display filter for http.authorization and inspect the length of username and password fields.
Additionally, custom scripts can be written to parse logs or captured traffic to identify Authorization headers with fields exceeding 40 characters.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable GeoVision GV-VMS V20 20.0.2 WebCam Server Login service by implementing network-level controls such as firewalls or access control lists to limit incoming HTTP requests.
Additionally, monitoring and blocking HTTP requests with suspiciously long authorization strings can help prevent exploitation attempts.
Applying any available patches or updates from the vendor that address this stack overflow vulnerability is critical once they become available.
Until a patch is applied, consider disabling or isolating the vulnerable service if possible to prevent unauthenticated access.