CVE-2024-6047

Published Jun 17, 2024

Last updated 2 months ago

Overview

Description
Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.
Source: twcert@cert.org.tw
NVD status: Analyzed
CNA Tags: unsupported-when-assigned

Risk scores

CVSS 3.1

Type: Secondary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Known exploits

Data from CISA

Vulnerability name: GeoVision Devices OS Command Injection Vulnerability
Exploit added on: May 7, 2025
Exploit action due: May 28, 2025
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

twcert@cert.org.tw
CWE-78

Social media

Hype score
Not currently trending
  1. #Malware #Vulnerability Botnet Exploits Old GeoVision IoT Devices via CVE-2024-6047 & CVE-2024-11120 https://t.co/ueeF5Mt5mC

    @Komodosec

    30 Jun 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Akamai Security Blog: Mirai brings exploitation of IoT devices. We have confirmed that command injection vulnerabilities (CVE-2024-6047, CVE-2024-11120) in discontinued GeoVision IoT devices are being exploited. In this blog post

    @akamai_jp

    2 Jun 2025

    259 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. See details and IOCs of @Akamai SIRT’s discovery of active exploitation of the command injection vulnerabilities CVE-2024-6047 and CVE-2024-11120. Learn more. #AkamaiSecurity https://t.co/gxIuUvQiLL https://t.co/ffArbbYX4R

    @RaghuNain

    15 May 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. See details and IOCs of @Akamai SIRT’s discovery of active exploitation of the command injection vulnerabilities CVE-2024-6047 and CVE-2024-11120. Learn more. #AkamaiSecurity https://t.co/B7enCNcVKW https://t.co/j5fZYjzbpY

    @epichol

    12 May 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Actively exploited CVE : CVE-2024-6047

    @transilienceai

    11 May 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. Actively exploited CVE : CVE-2024-6047

    @transilienceai

    10 May 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  7. #threatreport #MediumCompleteness Here Comes Mirai: IoT Devices RSVP to Active Exploitation | 07-05-2025 Source: https://t.co/z4y62kusIZ Key details below ↓ 💀Threats: Mirai, Infectedslurs_botnet, 🎯Victims: Geovision iot devices 🏭Industry: Iot 🔓CVEs: CVE-2024-604

    @rst_cloud

    8 May 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. See details and IOCs of @Akamai SIRT’s discovery of active exploitation of the command injection vulnerabilities CVE-2024-6047 and CVE-2024-11120. Learn more. #AkamaiSecurity https://t.co/551tEm98xj https://t.co/J4yOnJdvBX

    @AngeloAkamai

    8 May 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-6047 #GeoVision Devices OS Command Injection Vulnerability https://t.co/ChLlWcx4Xy

    @ScyScan

    7 May 2025

    55 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. See details and IOCs of Akamai SIRT’s discovery of active exploitation of the command injection vulnerabilities CVE-2024-6047 and CVE-2024-11120. Learn more. https://t.co/EFtnKu1WnV https://t.co/mHFY2yAIMR

    @Akamai

    7 May 2025

    495 Impressions

    2 Retweets

    8 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. 🚨 GeoVision #IoT Devices Under Siege: Active Exploitation of #CVE-2024-6047 and #CVE-2024-11120 https://t.co/Q0qDT4bUdo

    @UndercodeNews

    7 May 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. In April 2025, Akamai's security team confirmed Mirai botnet activity exploiting command injection vulnerabilities (CVE-2024-6047 and CVE-2024-11120) in GeoVision IoT devices.

    @yousukezan

    7 May 2025

    1027 Impressions

    2 Retweets

    6 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  13. Good morning! Two new KEVs this morning: - CVE-2024-6047 - CVE-2024-11120 Both Unauthenticated OS Command Injection affecting GeoVision EOL devices. https://t.co/AiQ9pP8frc

    @ethicalhack3r

    7 May 2025

    241 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. See details and IOCs of @Akamai SIRT’s discovery of active exploitation of the command injection vulnerabilities CVE-2024-6047 and CVE-2024-11120. Learn more. #AkamaiSecurity https://t.co/HRR6Y8rAsJ https://t.co/JQ0VE7UYh8

    @guigui_0921

    7 May 2025

    29 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  15. See details and IOCs of @Akamai SIRT’s discovery of active exploitation of the command injection vulnerabilities CVE-2024-6047 and CVE-2024-11120. Learn more. #AkamaiSecurity https://t.co/EHs8J0bMgH https://t.co/lQAcoJnv0C

    @ArminBolenius

    7 May 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. ⚠️ Hackers exploit vulnerabilities in Samsung MagicINFO and GeoVision IoT to deploy the Mirai botnet (CVE-2024-6047, CVE-2024-7399, and others) 🐼 Panda Shop: large-scale smishing by a Chinese carding group ~Cyber Alert, May 7~ ht

    @MachinaRecord

    7 May 2025

    47 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  17. See details and IOCs of @Akamai SIRT’s discovery of active exploitation of the command injection vulnerabilities CVE-2024-6047 and CVE-2024-11120. Learn more. #AkamaiSecurity https://t.co/zuSKV63u20 https://t.co/7JD4nIYW1x

    @rohitprasad220

    7 May 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations