CVE-2026-42370

9.0 CRITICAL

A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2

Published: 2026-05-04 · Last updated: 2026-06-15

Severity and scoring

CVSS: 9.0 CRITICAL
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE: CWE-787

Affected products

Vendor	Product
geovision	gv-vms_firmware

Description

A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-42370
[Other]https://talosintelligence.com/vulnerability_reports/
[Vendor advisory]https://www.geovision.com.tw/cyber_security.php
[Other]https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2369

Related CVEs

Same vendor

CVE-2026-7161 — An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5 (9.3 CRITICAL)
CVE-2026-42368 — A privilege escalation vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10 (9.9 CRITICAL)
CVE-2026-42367 — A privilege escalation vulnerability exists in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10 (6.5 MEDIUM)
CVE-2026-42365 — A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10 (8.6 HIGH)
CVE-2026-42364 — An os command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10 (9.9 CRITICAL)

Same CWE

CVE-2026-47750 — stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inf... (7.8 HIGH)
CVE-2026-47747 — stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inf... (7.8 HIGH)
CVE-2026-47749 — stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inf... (7.8 HIGH)
CVE-2026-12314 — Memory safety bug fixed in Thunderbird 152 (7.5 HIGH)
CVE-2026-12310 — Memory safety bug fixed in Thunderbird 152 (7.5 HIGH)