CVE-2024-11120

Published Nov 15, 2024

Last updated 18 hours ago

Overview

Description
Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports.
Source
twcert@cert.org.tw
NVD status
Modified
CNA Tags
unsupported-when-assigned

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
GeoVision Devices OS Command Injection Vulnerability
Exploit added on
May 7, 2025
Exploit action due
May 28, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

twcert@cert.org.tw
CWE-78

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

7

  1. See details and IOCs of @Akamai SIRT’s discovery of active exploitation of the command injection vulnerabilities CVE-2024-6047 and CVE-2024-11120. Learn more. #AkamaiSecurity https://t.co/551tEm98xj https://t.co/J4yOnJdvBX

    @AngeloAkamai

    8 May 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 CVE Alert: GeoVision Devices OS Command Injection Vulnerability Exploited In The Wild 🚨 Vulnerability Details: CVE-2024-11120 (CVSS v3 9.8/10) GeoVision Devices OS Command Injection Vulnerability Impact: A successful exploit may allows a remote, unauthenticated attacker

    @CyberxtronTech

    8 May 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-11120 #GeoVision Devices OS Command Injection Vulnerability https://t.co/zCPYIgt97Y

    @ScyScan

    7 May 2025

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. See details and IOCs of Akamai SIRT’s discovery of active exploitation of the command injection vulnerabilities CVE-2024-6047 and CVE-2024-11120. Learn more. https://t.co/EFtnKu1WnV https://t.co/mHFY2yAIMR

    @Akamai

    7 May 2025

    495 Impressions

    2 Retweets

    8 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨 GeoVision #IoT Devices Under Siege: Active Exploitation of #CVE-2024-6047 and #CVE-2024-11120 https://t.co/Q0qDT4bUdo

    @UndercodeNews

    7 May 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 2025年4月、Akamaiのセキュリティチームは、GeoVision製IoTデバイスに存在するコマンドインジェクションの脆弱性(CVE-2024-6047およびCVE-2024-11120)を悪用するMiraiボットネットの活動を確認した。

    @yousukezan

    7 May 2025

    1027 Impressions

    2 Retweets

    6 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  7. Good morning! Two new KEVs this morning: - CVE-2024-6047 - CVE-2024-11120 Both Unauthenticated OS Command Injection affecting GeoVision EOL devices. https://t.co/AiQ9pP8frc

    @ethicalhack3r

    7 May 2025

    241 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. See details and IOCs of @Akamai SIRT’s discovery of active exploitation of the command injection vulnerabilities CVE-2024-6047 and CVE-2024-11120. Learn more. #AkamaiSecurity https://t.co/HRR6Y8rAsJ https://t.co/JQ0VE7UYh8

    @guigui_0921

    7 May 2025

    29 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  9. See details and IOCs of @Akamai SIRT’s discovery of active exploitation of the command injection vulnerabilities CVE-2024-6047 and CVE-2024-11120. Learn more. #AkamaiSecurity https://t.co/EHs8J0bMgH https://t.co/lQAcoJnv0C

    @ArminBolenius

    7 May 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. See details and IOCs of @Akamai SIRT’s discovery of active exploitation of the command injection vulnerabilities CVE-2024-6047 and CVE-2024-11120. Learn more. #AkamaiSecurity https://t.co/zuSKV63u20 https://t.co/7JD4nIYW1x

    @rohitprasad220

    7 May 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. EXPLOIT DETECTED: Botnet exploiting CVE-2024-11120 in GeoVision devices, posing significant security risk.

    @H1DR4_agent

    25 Dec 2024

    567 Impressions

    2 Retweets

    7 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  12. یک آسیب‌پذیری بحرانی باشناسهCVE-2024-11120وشدت 9.8دربرخی دستگاه‌های قدیمی وپایان‌ تولیدGeoVisionکشف شده است این آسیب‌پذیری ازنوع تزریق فرمان سیستم عامل است وبه مهاجم احرازهویت نشداجازمی‌دهدازراه دور فرمان‌های دلخواه خود رابر روی دستگاه اجرا کنند و کنترل کامل را به دست بگیرند. htt

    @cybernetic_cy

    25 Nov 2024

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. یک آسیب‌پذیری بحرانی با شناسهCVE-2024-11120 و شدت9.8در برخی دستگاه‌های قدیمی وپایان‌ تولید GeoVisionکشف شده است.این آسیب‌پذیری ازنوع تزریق فرمان سیستم عامل است وبه مهاجم احرازهویت نشده اجازه می‌دهد ازراه دورفرمان‌های دلخواه خودرابرروی دستگاه اجراکنندوکنترل کامل رابه دست بگیرند

    @cybernetic_cy

    23 Nov 2024

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. 🚨 Security Alert: CVE-2024-11120 is a Remote Code Execution vulnerability in end-of-life GeoVision devices, currently being actively exploited. Organizations should isolate vulnerable devices and replace them with supported alternatives to prevent unauthorized access!… https://t

    @OstorlabSec

    22 Nov 2024

    33 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  15. Actively exploited CVE : CVE-2024-11120

    @transilienceai

    21 Nov 2024

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  16. #CyberSecurity Alert: Scoperta una nuova minaccia significativa! La Shadowserver Foundation ha rivelato che una botnet mira i dispositivi obsoleti di GeoVision sfruttando una vulnerabilità zero-day, CVE-2024-11120. Con un punteggio CVSS di 9,8, questa falla consente il… https://t

    @cyber_net_now

    19 Nov 2024

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. #DOYOUKNOWCVE Botnet exploits GeoVision zero-day to compromise EoL devices! CVE-2024-11120 is a Critical zero-day vulnerability identified in certain end-of-life (EOL) GeoVision devices. This flaw is an OS Command Injection vulnerability that allows unauthenticated remote… https

    @Loginsoft_Inc

    19 Nov 2024

    48 Impressions

    1 Retweet

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. The vulnerability, now designated as CVE-2024-11120, has been assigned a high-severity CVSS score of 9.8 and used by a sophisticated botnet. #cybersecurity https://t.co/RAdkqlIS8b

    @cybertzar

    18 Nov 2024

    28 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  19. The Shadowserver Foundation reports Mirai botnet variant exploiting a zero-day vulnerability in end-of-life GeoVision devices (CVE-2024-11120). About 17,000 devices are exposed online and vulnerable, with no security updates to be expected! https://t.co/52qlvy4a4Z #IoTSecurity

    @iottestsorg

    18 Nov 2024

    14 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  20. به تازگی بدافزاری از نوع بات نت آسیب پذیری موجود در دیوایس های GeoVision را که از نوع Zero day بوده و دارای کد شناسایی CVE-2024-11120 می باشد را اکسپلویت می نماید.این آسیب پذیری دارای نمره 9.8 می باشد و به هکر امکان اجرای Command را می دهد. https://t.co/Poz3aKY03t https://t.co/Dy

    @AmirHossein_sec

    17 Nov 2024

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. آسیب پذیری روز صفر CVE-2024-11120 برای استقرار بات نت Mirai مورد سوء استفاده قرار گرفت https://t.co/pyWPA4I8oG

    @vulnerbyte

    17 Nov 2024

    34 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  22. A botnet is exploiting a zero-day vulnerability (CVE-2024-11120) in end-of-life GeoVision devices for DDoS and cryptomining attacks, affecting around 17,000 Internet-facing devices, primarily in the U.S., as reported by Shadowserver Foundation. https://t.co/FN1omVx7YB

    @Cyber_O51NT

    17 Nov 2024

    758 Impressions

    3 Retweets

    5 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  23. A malware botnet is exploiting a zero-day vulnerability in end-of-life GeoVision devices to compromise and recruit them for likely DDoS or cryptomining attacks. The flaw is tracked as CVE-2024-11120 has a critical severity (CVSS v3.1 score: 9.8). https://t.co/WCOKpIK24I https://t

    @riskigy

    16 Nov 2024

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. CVE-2024-11120 (CVSS 9.8): OS Command Injection Flaw in GeoVision Devices Actively Exploited, No Patch Beware of CVE-2024-11120: A critical #vulnerability in EOL #GeoVision devices allows remote attackers to execute arbitrary system commands. https://t.co/GpwlppUNw6

    @the_yellow_fall

    15 Nov 2024

    64 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. We observed a 0day exploit in the wild used by a botnet targeting GeoVision EOL devices. The pre-auth command injection vulnerability was verified in collaboration with TWCERT & GeoVision & assigned CVE-2024-11120 (CVSS 9.8) https://t.co/DflYdYZzto NVD: https://t.co/r5x

    @Shadowserver

    15 Nov 2024

    3061 Impressions

    10 Retweets

    14 Likes

    5 Bookmarks

    1 Reply

    1 Quote

  26. CVE-2024-11120 Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitr… https://t.co/q7NgszUs7o

    @CVEnew

    15 Nov 2024

    552 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations