This is a stack-based buffer overflow in the web login functionality of GeoVision GV-VMS surveillance software. It is caused by an unconstrained sscanf call that parses the submitted login credentials without limiting input size: sscanf conversions such as %s or %[...] that carry no field width copy the entire token into the destination buffer, however long it is, so an over-long credential field overruns a fixed-size stack buffer. Because the login endpoint is reachable before authentication, an unauthenticated remote attacker can trigger the overflow with a single crafted HTTP request, potentially achieving arbitrary code execution with SYSTEM privileges.
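The pattern described above, shown as an added example (this is illustrative code written for this page, not GeoVision's source): a login parser that feeds the request body to sscanf with unbounded %[^&] and %s conversions, beside a hardened version whose field widths are derived from the buffer size and which uses %n to reject truncated or trailing input. The request format (username=...&password=...) and the 64-byte field size are assumptions; the sample requests are constructed, not captured traffic.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical buffer size for each credential field; not taken from GV-VMS. */
#define FIELD_MAX 64

/* Vulnerable pattern (illustrative, not GeoVision's source). Neither "%[^&]"
 * nor "%s" carries a field width, so sscanf copies the whole token into the
 * caller's buffer regardless of its size. With user/pass on the stack, an
 * over-long field overwrites the saved frame pointer and return address.
 * Shown only for contrast; never call it on attacker-controlled input. */
int parse_login_vulnerable(const char *body, char *user, char *pass)
{
    return sscanf(body, "username=%[^&]&password=%s", user, pass);
}

/* Returns the longest field the unbounded format above would copy, measured
 * without writing anything, so the overflow can be demonstrated safely. */
size_t unbounded_field_length(const char *body)
{
    size_t longest = 0;
    const char *u = strstr(body, "username=");
    if (u) {
        size_t n = strcspn(u + 9, "&");           /* "%[^&]" stops at '&' */
        if (n > longest) longest = n;
    }
    const char *p = strstr(body, "password=");
    if (p) {
        size_t n = strcspn(p + 9, " \t\r\n\v\f"); /* "%s" stops at whitespace */
        if (n > longest) longest = n;
    }
    return longest;
}

/* Hardened pattern: every conversion carries a width of FIELD_MAX-1 (sscanf
 * appends the NUL), the width is generated from the buffer size rather than
 * typed by hand, and "%n" records how much input was consumed so a truncated
 * password or trailing junk is rejected instead of silently accepted. */
bool parse_login_hardened(const char *body, char user[FIELD_MAX], char pass[FIELD_MAX])
{
    char fmt[64];
    int consumed = -1;

    /* Expands to "username=%63[^&]&password=%63s%n" for FIELD_MAX == 64. */
    snprintf(fmt, sizeof fmt, "username=%%%d[^&]&password=%%%ds%%n",
             FIELD_MAX - 1, FIELD_MAX - 1);

    user[0] = pass[0] = '\0';
    if (sscanf(body, fmt, user, pass, &consumed) != 2)
        return false;   /* a field was missing, or the username overran its width
                           and the literal '&' failed to match */
    if (consumed < 0 || body[consumed] != '\0')
        return false;   /* password was truncated, or junk follows it */
    return true;
}

/* Self-checking demos on constructed requests. */
int demo_accepts_normal(void)
{
    char user[FIELD_MAX], pass[FIELD_MAX];
    return parse_login_hardened("username=admin&password=hunter2", user, pass)
           && strcmp(user, "admin") == 0 && strcmp(pass, "hunter2") == 0;
}

int demo_rejects_oversized(void)
{
    char body[512], user[FIELD_MAX], pass[FIELD_MAX], filler[257];
    memset(filler, 'A', 256);
    filler[256] = '\0';

    snprintf(body, sizeof body, "username=%s&password=x", filler);
    bool long_user_rejected = !parse_login_hardened(body, user, pass);

    snprintf(body, sizeof body, "username=x&password=%s", filler);
    bool long_pass_rejected = !parse_login_hardened(body, user, pass);

    /* The unbounded format would have copied 256 bytes into a 64-byte buffer. */
    return long_user_rejected && long_pass_rejected
           && unbounded_field_length(body) > FIELD_MAX;
}

int main(void)
{
    printf("normal login parsed: %s\n", demo_accepts_normal() ? "yes" : "no");
    printf("oversized fields rejected: %s\n", demo_rejects_oversized() ? "yes" : "no");
    return 0;
}
```

The width alone stops the memory write; the %n check is what turns a silently truncated credential into a rejected request, which matters because a parser that accepts the first 63 bytes and ignores the rest still behaves differently from the rest of the application. Build with warnings enabled (for example gcc -Wall -Wformat) so that a literal width that drifts out of sync with the buffer size is at least noticed.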
Remediation
Apply the latest security patch from GeoVision for affected GV-VMS V20 installations. Until it is applied, restrict access to the GV-VMS web server, and its login endpoint in particular, to trusted IP ranges at the firewall or reverse proxy; the flaw is reachable before authentication, so strong passwords or account lockout do not mitigate it. Check the official GeoVision advisory for additional workarounds if patching is not immediately possible.