GeoVision GV-VMS V20 Stack-Based Buffer Overflow Vulnerability in WebCam Server Feature Allowing Remote Code Execution

Vulnerability

A stack-based buffer overflow vulnerability has been identified in GeoVision's Video Monitoring Software (VMS) V20, specifically within the WebCam Server feature that enables remote access. The vulnerability arises from the 'gvapi' endpoint, which uses an authentication mechanism that can be exploited by sending a crafted 'HTTP Authorization' header. The issue is exacerbated by the absence of Address Space Layout Randomization (ASLR) in the web server application, allowing for easier exploitation. When the base64-decoded string exceeds 256 characters, a stack overflow occurs, potentially leading to arbitrary code execution with SYSTEM privileges on the host machine.

Impact

Exploitation of this vulnerability allows for arbitrary code execution with SYSTEM privileges on the machine running the GeoVision VMS V20 WebCam Server.

Added: May 4, 2026, 1:19 AM

Updated: May 4, 2026, 1:19 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

6.0

remediation

0.0

relevance

7.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

6.0

remediation

0.0

relevance

7.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

GeoVision GV-VMS V20 Stack-Based Buffer Overflow Vulnerability in WebCam Server Feature Allowing Remote Code Execution

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating