CVE-2026-12848
Received Received - Intake
DVRSearch Stack Buffer Overflow in GV-I/O Box 4E

Publication date: 2026-06-24

Last updated on: 2026-06-24

Assigner: 0df08a0e-a200-4957-9bb0-084f562506f9

Description
GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with it. Upon receiving a UDP message, the server reads at most 1460 bytes into a local buffer and a pointer to the buffer is stored in a global variable: #### DNS field stack overflow The following code is vulnerable to a stack overflow that is attacker-controlled: v8 = strlen(g_network_config->dns_addr); memcpy(&reply_buf[248], g_network_config->dns_addr, v8);
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-24
Last Modified
2026-06-24
Generated
2026-06-24
AI Q&A
2026-06-24
EPSS Evaluated
N/A
NVD
CVE-2026-12848
EUVD
EUVD-2026-38649
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
geovision gv-i/o_box_4e 2.09
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

This vulnerability has a critical impact with a CVSS score of 10.0, meaning it can be exploited remotely without any privileges or user interaction. An attacker on the network can send specially crafted UDP messages to trigger the stack overflow, potentially leading to complete compromise of the device. This includes full control over confidentiality, integrity, and availability of the device.

Compliance Impact

The vulnerability in the GeoVision GV-I/O Box 4E DVR allows for arbitrary code execution due to a stack-based buffer overflow, which can lead to full compromise of confidentiality, integrity, and availability of the device.

Such a critical security flaw can impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and system integrity. A successful exploit could lead to unauthorized access or data breaches, violating these regulations' requirements for data protection and system security.

Executive Summary

The vulnerability exists in the GV-I/O Box 4E, a smart embedded device controlled over Ethernet and RS-485. The DVRSearch service listens for UDP messages on port 10001 and processes incoming messages by reading up to 1460 bytes into a local buffer. A stack overflow occurs when the service copies the DNS address string into a fixed position in the reply buffer without proper bounds checking, allowing an attacker to overwrite the stack with controlled data.

Detection Guidance

This vulnerability involves the DVRSearch service listening on UDP port 10001 on the GV-I/O Box 4E device. Detection can focus on monitoring network traffic for UDP packets sent to port 10001.

You can use network scanning and packet capture tools to detect the presence of this service and potentially malicious activity targeting it.

  • Use nmap to detect if UDP port 10001 is open on the device: nmap -sU -p 10001 <device_ip>
  • Use tcpdump or Wireshark to capture and analyze UDP packets sent to port 10001: tcpdump -i <interface> udp port 10001
  • Look for unusually large UDP packets (up to 1460 bytes) sent to port 10001 which might indicate attempts to exploit the buffer overflow.
Mitigation Strategies

Immediate mitigation steps include restricting access to the DVRSearch service on UDP port 10001 to trusted users only.

Since the vulnerability allows any user on the network to send messages to the service, network segmentation and firewall rules should be applied to block unauthorized access.

  • Implement firewall rules to block or limit UDP traffic to port 10001 from untrusted sources.
  • Isolate the GV-I/O Box 4E device on a separate VLAN or network segment to reduce exposure.
  • Monitor network traffic for suspicious UDP packets targeting port 10001.

Long term mitigation would require a patch or update from the vendor to fix the stack overflow vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-12848. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart