Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-42370
PUBLISHED
More InfoOfficial Page
Assigner-GV
Assigner Org ID-0df08a0e-a200-4957-9bb0-084f562506f9
View Known Exploited Vulnerability (KEV) details
Published At-04 May, 2026 | 00:48
Updated At-05 May, 2026 | 03:56
Rejected At-
▼CVE Numbering Authority (CNA)
GeoVision GV-VMS V20 WebCam Server Login stack overflow vulnerability

A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

Affected Products
Vendor
GeoVision Inc.
Product
GV-VMS V20.0.2
Platforms
  • Windows
Default Status
unaffected
Versions
Affected
  • 20.0.2
Unaffected
  • 21.0.0
Problem Types
TypeCWE IDDescription
CWECWE-787CWE-787 Out-of-bounds write
Type: CWE
CWE ID: CWE-787
Description: CWE-787 Out-of-bounds write
Metrics
VersionBase scoreBase severityVector
3.19.0CRITICAL
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 9.0
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-100CAPEC-100 Overflow Buffers
CAPEC-242CAPEC-242 Code Injection
CAPEC ID: CAPEC-100
Description: CAPEC-100 Overflow Buffers
CAPEC ID: CAPEC-242
Description: CAPEC-242 Code Injection
Solutions

GeoVision GV-VMS version V21.0.0 has patched the reported vulnerability.  User is recommended to download the update from GeoVision's offical website (https://www.geovision.com.tw/download/product/GV-VMS%20V20) or contact GeoVision Support team

Configurations
Workarounds
Exploits
Credits
finder
Philippe Laulheret of Cisco Talos.
remediation reviewer
Kelly Patterson of Cisco Talos.
coordinator
Martin Zeiser of Cisco Talos.
Timeline
EventDate
Initial Vendor Contact2026-02-17 01:38:00
Event: Initial Vendor Contact
Date: 2026-02-17 01:38:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.geovision.com.tw/cyber_security.php
vendor-advisory
https://talosintelligence.com/vulnerability_reports/
third-party-advisory
Hyperlink: https://www.geovision.com.tw/cyber_security.php
Resource:
vendor-advisory
Hyperlink: https://talosintelligence.com/vulnerability_reports/
Resource:
third-party-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found