- Description
- Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports.
- Source
- twcert@cert.org.tw
- NVD status
- Analyzed
- CNA Tags
- unsupported-when-assigned
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- GeoVision Devices OS Command Injection Vulnerability
- Exploit added on
- May 7, 2025
- Exploit action due
- May 28, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- twcert@cert.org.tw
- CWE-78
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
1
See details and IOCs of @Akamai SIRT’s discovery of active exploitation of the command injection vulnerabilities CVE-2024-6047 and CVE-2024-11120. Learn more. #AkamaiSecurity https://t.co/gxIuUvQiLL https://t.co/ffArbbYX4R
@RaghuNain
15 May 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
See details and IOCs of @Akamai SIRT’s discovery of active exploitation of the command injection vulnerabilities CVE-2024-6047 and CVE-2024-11120. Learn more. #AkamaiSecurity https://t.co/B7enCNcVKW https://t.co/j5fZYjzbpY
@epichol
12 May 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
See details and IOCs of @Akamai SIRT’s discovery of active exploitation of the command injection vulnerabilities CVE-2024-6047 and CVE-2024-11120. Learn more. #AkamaiSecurity https://t.co/551tEm98xj https://t.co/J4yOnJdvBX
@AngeloAkamai
8 May 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE Alert: GeoVision Devices OS Command Injection Vulnerability Exploited In The Wild 🚨 Vulnerability Details: CVE-2024-11120 (CVSS v3 9.8/10) GeoVision Devices OS Command Injection Vulnerability Impact: A successful exploit may allows a remote, unauthenticated attacker
@CyberxtronTech
8 May 2025
69 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE Alert: GeoVision Devices OS Command Injection Vulnerability Exploited In The Wild 🚨 Vulnerability Details: CVE-2024-11120 (CVSS v3 9.8/10) GeoVision Devices OS Command Injection Vulnerability Impact: A successful exploit may allows a remote, unauthenticated attacker
@CyberxtronTech
8 May 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-11120 #GeoVision Devices OS Command Injection Vulnerability https://t.co/zCPYIgt97Y
@ScyScan
7 May 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
See details and IOCs of Akamai SIRT’s discovery of active exploitation of the command injection vulnerabilities CVE-2024-6047 and CVE-2024-11120. Learn more. https://t.co/EFtnKu1WnV https://t.co/mHFY2yAIMR
@Akamai
7 May 2025
495 Impressions
2 Retweets
8 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 GeoVision #IoT Devices Under Siege: Active Exploitation of #CVE-2024-6047 and #CVE-2024-11120 https://t.co/Q0qDT4bUdo
@UndercodeNews
7 May 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
2025年4月、Akamaiのセキュリティチームは、GeoVision製IoTデバイスに存在するコマンドインジェクションの脆弱性(CVE-2024-6047およびCVE-2024-11120)を悪用するMiraiボットネットの活動を確認した。
@yousukezan
7 May 2025
1027 Impressions
2 Retweets
6 Likes
1 Bookmark
0 Replies
0 Quotes
Good morning! Two new KEVs this morning: - CVE-2024-6047 - CVE-2024-11120 Both Unauthenticated OS Command Injection affecting GeoVision EOL devices. https://t.co/AiQ9pP8frc
@ethicalhack3r
7 May 2025
241 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
See details and IOCs of @Akamai SIRT’s discovery of active exploitation of the command injection vulnerabilities CVE-2024-6047 and CVE-2024-11120. Learn more. #AkamaiSecurity https://t.co/HRR6Y8rAsJ https://t.co/JQ0VE7UYh8
@guigui_0921
7 May 2025
29 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
See details and IOCs of @Akamai SIRT’s discovery of active exploitation of the command injection vulnerabilities CVE-2024-6047 and CVE-2024-11120. Learn more. #AkamaiSecurity https://t.co/EHs8J0bMgH https://t.co/lQAcoJnv0C
@ArminBolenius
7 May 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
See details and IOCs of @Akamai SIRT’s discovery of active exploitation of the command injection vulnerabilities CVE-2024-6047 and CVE-2024-11120. Learn more. #AkamaiSecurity https://t.co/zuSKV63u20 https://t.co/7JD4nIYW1x
@rohitprasad220
7 May 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
EXPLOIT DETECTED: Botnet exploiting CVE-2024-11120 in GeoVision devices, posing significant security risk.
@H1DR4_agent
25 Dec 2024
567 Impressions
2 Retweets
7 Likes
0 Bookmarks
1 Reply
0 Quotes
یک آسیبپذیری بحرانی باشناسهCVE-2024-11120وشدت 9.8دربرخی دستگاههای قدیمی وپایان تولیدGeoVisionکشف شده است این آسیبپذیری ازنوع تزریق فرمان سیستم عامل است وبه مهاجم احرازهویت نشداجازمیدهدازراه دور فرمانهای دلخواه خود رابر روی دستگاه اجرا کنند و کنترل کامل را به دست بگیرند. htt
@cybernetic_cy
25 Nov 2024
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
یک آسیبپذیری بحرانی با شناسهCVE-2024-11120 و شدت9.8در برخی دستگاههای قدیمی وپایان تولید GeoVisionکشف شده است.این آسیبپذیری ازنوع تزریق فرمان سیستم عامل است وبه مهاجم احرازهویت نشده اجازه میدهد ازراه دورفرمانهای دلخواه خودرابرروی دستگاه اجراکنندوکنترل کامل رابه دست بگیرند
@cybernetic_cy
23 Nov 2024
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Security Alert: CVE-2024-11120 is a Remote Code Execution vulnerability in end-of-life GeoVision devices, currently being actively exploited. Organizations should isolate vulnerable devices and replace them with supported alternatives to prevent unauthorized access!… https://t
@OstorlabSec
22 Nov 2024
33 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-11120
@transilienceai
21 Nov 2024
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
#CyberSecurity Alert: Scoperta una nuova minaccia significativa! La Shadowserver Foundation ha rivelato che una botnet mira i dispositivi obsoleti di GeoVision sfruttando una vulnerabilità zero-day, CVE-2024-11120. Con un punteggio CVSS di 9,8, questa falla consente il… https://t
@cyber_net_now
19 Nov 2024
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#DOYOUKNOWCVE Botnet exploits GeoVision zero-day to compromise EoL devices! CVE-2024-11120 is a Critical zero-day vulnerability identified in certain end-of-life (EOL) GeoVision devices. This flaw is an OS Command Injection vulnerability that allows unauthenticated remote… https
@Loginsoft_Inc
19 Nov 2024
48 Impressions
1 Retweet
3 Likes
0 Bookmarks
0 Replies
0 Quotes
The vulnerability, now designated as CVE-2024-11120, has been assigned a high-severity CVSS score of 9.8 and used by a sophisticated botnet. #cybersecurity https://t.co/RAdkqlIS8b
@cybertzar
18 Nov 2024
28 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
The Shadowserver Foundation reports Mirai botnet variant exploiting a zero-day vulnerability in end-of-life GeoVision devices (CVE-2024-11120). About 17,000 devices are exposed online and vulnerable, with no security updates to be expected! https://t.co/52qlvy4a4Z #IoTSecurity
@iottestsorg
18 Nov 2024
14 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
به تازگی بدافزاری از نوع بات نت آسیب پذیری موجود در دیوایس های GeoVision را که از نوع Zero day بوده و دارای کد شناسایی CVE-2024-11120 می باشد را اکسپلویت می نماید.این آسیب پذیری دارای نمره 9.8 می باشد و به هکر امکان اجرای Command را می دهد. https://t.co/Poz3aKY03t https://t.co/Dy
@AmirHossein_sec
17 Nov 2024
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
آسیب پذیری روز صفر CVE-2024-11120 برای استقرار بات نت Mirai مورد سوء استفاده قرار گرفت https://t.co/pyWPA4I8oG
@vulnerbyte
17 Nov 2024
34 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
A botnet is exploiting a zero-day vulnerability (CVE-2024-11120) in end-of-life GeoVision devices for DDoS and cryptomining attacks, affecting around 17,000 Internet-facing devices, primarily in the U.S., as reported by Shadowserver Foundation. https://t.co/FN1omVx7YB
@Cyber_O51NT
17 Nov 2024
758 Impressions
3 Retweets
5 Likes
3 Bookmarks
0 Replies
0 Quotes
A malware botnet is exploiting a zero-day vulnerability in end-of-life GeoVision devices to compromise and recruit them for likely DDoS or cryptomining attacks. The flaw is tracked as CVE-2024-11120 has a critical severity (CVSS v3.1 score: 9.8). https://t.co/WCOKpIK24I https://t
@riskigy
16 Nov 2024
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-11120 (CVSS 9.8): OS Command Injection Flaw in GeoVision Devices Actively Exploited, No Patch Beware of CVE-2024-11120: A critical #vulnerability in EOL #GeoVision devices allows remote attackers to execute arbitrary system commands. https://t.co/GpwlppUNw6
@the_yellow_fall
15 Nov 2024
64 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
We observed a 0day exploit in the wild used by a botnet targeting GeoVision EOL devices. The pre-auth command injection vulnerability was verified in collaboration with TWCERT & GeoVision & assigned CVE-2024-11120 (CVSS 9.8) https://t.co/DflYdYZzto NVD: https://t.co/r5x
@Shadowserver
15 Nov 2024
3061 Impressions
10 Retweets
14 Likes
5 Bookmarks
1 Reply
1 Quote
CVE-2024-11120 Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitr… https://t.co/q7NgszUs7o
@CVEnew
15 Nov 2024
552 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:geovision:gv-vs12_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0C78AF1F-A287-4282-84F4-E6087250EEFE"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:geovision:gv-vs12:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "5A129787-4673-4701-933C-BD5365B61A53"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:geovision:gv-vs11_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EF1E4228-CE1E-4BAA-ADE8-F045B7A0B958"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:geovision:gv-vs11:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "42E883F3-769C-4266-B75C-98CCB217471C"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:geovision:gv-dsp_lpr_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8A816357-E53E-45DB-8655-2168D9B81F9F"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:geovision:gv-dsp_lpr:3.0:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "43C96B07-009A-44F1-97A4-91A4EC11B8CA"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:geovision:gvlx_4_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F102B6E2-FF3F-4A1A-B133-E06567EE6653"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:geovision:gvlx_4:2.0:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "CC0F181D-09E9-43CF-93A5-DA699F4436C5"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:geovision:gvlx_4_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F102B6E2-FF3F-4A1A-B133-E06567EE6653"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:geovision:gvlx_4:3.0:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "3699699F-80E7-44C8-8564-1448704BCCE0"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]