CVE-2026-12850
Received Received - Intake
Command Injection in GeoVision GV-I/O Box

Publication date: 2026-06-24

Last updated on: 2026-06-24

Assigner: 0df08a0e-a200-4957-9bb0-084f562506f9

Description
Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. `libNetSetObj.so` is an internal library used by various binaries on the device to configure the network stack (start and stop various services, configure IP, Netmask, gateway, dns, etc.) #### CNetSetObj::m_F_n_Set_Gate_way command injection The following function takes a string as a gatewy address, performs no sanitization on it and calls `system`. This is a classic command injection vulnerability. The function is reachable from both the network-exposed `DVRSearch` service and the `Network.cgi` endpoint. int __fastcall CNetSetObj::m_F_n_Set_Gate_way(const char **this, char *gw, char *dev) { char s[324]; // [sp+4h] [bp-144h] BYREF if ( !dev && !*this || !gw ) return 0; system("/sbin/route del -net 224.0.0.0 netmask 224.0.0.0"); system("/sbin/route del default "); if ( dev ) sprintf(s, "/sbin/route add default gw %s dev %s", gw, dev); //attacker controlled gw string else sprintf(s, "/sbin/route add default gw %s dev %s", gw, *this); //attacker controlled gw string system(s); sprintf(s, "/sbin/route add -net 224.0.0.0 netmask 224.0.0.0 gw %s dev %s", gw, *this); //attacker controlled gw string system(s); return 1; }
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-24
Last Modified
2026-06-24
Generated
2026-06-24
AI Q&A
2026-06-24
EPSS Evaluated
N/A
NVD
CVE-2026-12850
EUVD
EUVD-2026-38652
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
geovision gv-i/o_box 2.09
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a multiple OS command injection issue found in the libNetSetObj.so functionality of the GeoVision GV-I/O Box 4E version 2.09. It occurs because the function that sets the gateway address takes an input string without any sanitization and uses it directly in system commands. An attacker can send a specially crafted network packet to the device, exploiting the network-exposed DVRSearch service or the Network.cgi endpoint, to execute arbitrary OS commands on the device.

Impact Analysis

This vulnerability can have severe impacts as it allows an attacker to execute arbitrary operating system commands remotely on the affected device. This can lead to complete compromise of the device, including unauthorized control over network configurations, disruption of services, data theft, or further attacks within the network.

Detection Guidance

This vulnerability can be detected by monitoring network traffic for specially crafted packets sent to the DVRSearch service or the Network.cgi endpoint on GeoVision GV-I/O Box devices.

Since the vulnerability involves command injection via the gateway address parameter, detection can include checking for unusual or suspicious commands executed on the device related to routing changes.

Specific commands to detect exploitation attempts are not provided in the available information.

Mitigation Strategies

Immediate mitigation steps are not explicitly detailed in the provided information.

However, general best practices would include restricting access to the vulnerable services (DVRSearch and Network.cgi endpoints), applying network-level filtering to block suspicious packets, and avoiding exposure of the device to untrusted networks.

Additionally, monitoring and logging command executions related to network configuration changes may help detect exploitation attempts.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-12850. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart