- Description
- Certain EOL GeoVision devices fail to properly filter user input for a specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.
- Source
- twcert@cert.org.tw
- NVD status
- Awaiting Analysis
- CNA Tags
- unsupported-when-assigned
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- GeoVision Devices OS Command Injection Vulnerability
- Exploit added on
- May 7, 2025
- Exploit action due
- May 28, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- twcert@cert.org.tw
- CWE-78
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
7
#threatreport #MediumCompleteness Here Comes Mirai: IoT Devices RSVP to Active Exploitation | 07-05-2025 Source: https://t.co/z4y62kusIZ Key details below ↓ 💀Threats: Mirai, Infectedslurs_botnet, 🎯Victims: Geovision iot devices 🏭Industry: Iot 🔓CVEs: CVE-2024-604
@rst_cloud
8 May 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
See details and IOCs of @Akamai SIRT’s discovery of active exploitation of the command injection vulnerabilities CVE-2024-6047 and CVE-2024-11120. Learn more. #AkamaiSecurity https://t.co/551tEm98xj https://t.co/J4yOnJdvBX
@AngeloAkamai
8 May 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-6047 #GeoVision Devices OS Command Injection Vulnerability https://t.co/ChLlWcx4Xy
@ScyScan
7 May 2025
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
See details and IOCs of Akamai SIRT’s discovery of active exploitation of the command injection vulnerabilities CVE-2024-6047 and CVE-2024-11120. Learn more. https://t.co/EFtnKu1WnV https://t.co/mHFY2yAIMR
@Akamai
7 May 2025
495 Impressions
2 Retweets
8 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 GeoVision #IoT Devices Under Siege: Active Exploitation of #CVE-2024-6047 and #CVE-2024-11120 https://t.co/Q0qDT4bUdo
@UndercodeNews
7 May 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
In April 2025, Akamai's security team confirmed Mirai botnet activity exploiting the command injection vulnerabilities (CVE-2024-6047 and CVE-2024-11120) present in GeoVision IoT devices.
@yousukezan
7 May 2025
1027 Impressions
2 Retweets
6 Likes
1 Bookmark
0 Replies
0 Quotes
Good morning! Two new KEVs this morning: - CVE-2024-6047 - CVE-2024-11120 Both Unauthenticated OS Command Injection affecting GeoVision EOL devices. https://t.co/AiQ9pP8frc
@ethicalhack3r
7 May 2025
241 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
See details and IOCs of @Akamai SIRT’s discovery of active exploitation of the command injection vulnerabilities CVE-2024-6047 and CVE-2024-11120. Learn more. #AkamaiSecurity https://t.co/HRR6Y8rAsJ https://t.co/JQ0VE7UYh8
@guigui_0921
7 May 2025
29 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
See details and IOCs of @Akamai SIRT’s discovery of active exploitation of the command injection vulnerabilities CVE-2024-6047 and CVE-2024-11120. Learn more. #AkamaiSecurity https://t.co/EHs8J0bMgH https://t.co/lQAcoJnv0C
@ArminBolenius
7 May 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Hackers exploit vulnerabilities in Samsung MagicINFO and GeoVision IoT to deploy the Mirai botnet (CVE-2024-6047, CVE-2024-7399, and others) 🐼Panda Shop: large-scale smishing by a Chinese carding group 〜Cyber Alert, May 7〜 ht
@MachinaRecord
7 May 2025
47 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
See details and IOCs of @Akamai SIRT’s discovery of active exploitation of the command injection vulnerabilities CVE-2024-6047 and CVE-2024-11120. Learn more. #AkamaiSecurity https://t.co/zuSKV63u20 https://t.co/7JD4nIYW1x
@rohitprasad220
7 May 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes