Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports.
CISA Catalog
Date Added
Due Date
Vulnerability Name
Required Action
2025-05-07
2025-05-28
GeoVision Devices OS Command Injection Vulnerability
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Date Added: 2025-05-07
Due Date: 2025-05-28
Vulnerability Name: GeoVision Devices OS Command Injection Vulnerability
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.