Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
CVE-2026-42370: GeoVision GV-VMS V20 20.0.2 WebCam Server Login Allows Untrusted Input
CVE-2026-42370
Summary
An attacker can send a specially crafted HTTP request to the GeoVision GV-VMS V20 20.0.2 WebCam Server Login, potentially allowing them to execute malicious code on your system. This can happen without needing a password or other authentication. To protect yourself, ensure you apply the latest software updates for GeoVision GV-VMS V20.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions |
|---|---|---|
| geovision | gv-vms_firmware |
< 21.0.0 cpe:2.3:o:geovision:gv-vms_firmware:*:*:*:*:*:*:*:* |
Original title
A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker ...
Original description
A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.
nvd CVSS3.1
9.0
Vulnerability type
CWE-787
Out-of-bounds Write
Published: 4 May 2026 · Updated: 30 May 2026 · First seen: 4 May 2026