GeoVision GV-VMS Stack Overflow Vulnerability in WebCam Server Login Allowing Arbitrary Code Execution

Vulnerability

A stack overflow vulnerability has been identified in the WebCam Server Login feature of GeoVision GV-VMS version 20.0.2. This vulnerability allows for arbitrary code execution. The issue arises because the 'sscanf' function is used to parse the 'Buffer' variable into 'username' and 'password' variables without restricting the size of the extracted data to fit the destination buffers. If either the username or password exceeds 40 characters, a stack overflow occurs. An attacker can exploit this vulnerability by sending a specially crafted HTTP request, leading to code execution with SYSTEM privileges on the affected machine.
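The unbounded sscanf pattern described above, next to a width-limited replacement, as an added example that is not GeoVision's code. The "username:password" layout, the format strings, the 41-byte buffers and the name parse_login are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define CRED_MAX 40  /* assumption: each field holds up to 40 characters */

/* Pattern the advisory describes (format string is assumed):
 *     char username[CRED_MAX + 1], password[CRED_MAX + 1];
 *     sscanf(Buffer, "%[^:]:%s", username, password);
 * With no field width, sscanf copies as many bytes as the request supplies
 * and writes past the end of the stack buffers. */

/* Bounded parse. user and pass must each point to CRED_MAX + 1 bytes.
 * Returns 0 on success, -1 on malformed or overlong input. */
int parse_login(const char *buffer, char *user, char *pass)
{
    int consumed = 0;

    user[0] = pass[0] = '\0';
    /* The width 40 must match CRED_MAX; sscanf appends the NUL itself.
     * An overlong username fails here because ':' does not follow it. */
    if (sscanf(buffer, "%40[^:]:%40[^\r\n]%n", user, pass, &consumed) != 2) {
        user[0] = pass[0] = '\0';
        return -1;
    }
    /* Leftover input means the password hit the width limit: reject it
     * instead of silently accepting a truncated credential. */
    if (buffer[consumed] != '\0' && buffer[consumed] != '\r' &&
        buffer[consumed] != '\n') {
        user[0] = pass[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char user[CRED_MAX + 1], pass[CRED_MAX + 1];
    char oversized[128];

    /* Constructed inputs: one normal login, one 60-character username. */
    memset(oversized, 'A', 60);
    strcpy(oversized + 60, ":pw");
    printf("normal:    %d\n", parse_login("operator:pw", user, pass));
    printf("oversized: %d\n", parse_login(oversized, user, pass));
    return 0;
}
```

Rejecting overlong fields, rather than truncating them, also gives the server a clear event to log when a request exceeds the expected credential length.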

Impact

Exploitation of this vulnerability allows for arbitrary code execution with SYSTEM privileges on the machine running the GeoVision WebCam Server.

Added: May 4, 2026, 1:25 AM
Updated: May 4, 2026, 1:25 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 6.8
remediation: 0.0
relevance: 7.4
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.