CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-6047

Critical Severity
SVRS
91/100
CVSSv3
9.8/10
EPSS
0.5639/1

CVE-2024-6047: A critical command injection vulnerability exists in certain end-of-life (EOL) GeoVision devices. Unauthenticated remote attackers can exploit this flaw to execute arbitrary system commands. With a SOCRadar Vulnerability Risk Score (SVRS) of 91, this vulnerability requires immediate attention. The high SVRS reflects the active exploitation in the wild and the availability of public exploits. This makes CVE-2024-6047 a high-priority risk for organizations still using these devices. Successful exploitation leads to complete system compromise, allowing attackers to gain full control of the affected GeoVision device. The presence of this vulnerability in the CISA KEV catalog further emphasizes its significance. Mitigation should involve either patching the device (if a patch is available) or immediately taking it offline to prevent potential exploitation.

TAGS
In The Wild
CISA KEV
Exploit Available
VECTOR STRING
CVSS:3.1
AV:N
AC:L
PR:N
UI:N
S:U
C:H
I:H
A:H
PUBLICATION DATE2024-06-17
LAST MODIFIED2025-05-08

Indicators of Compromise

No IOCs found for this CVE

Exploits

TitleSoftware LinkDate
GeoVision Devices OS Command Injection Vulnerabilityhttps://www.cisa.gov/search?g=CVE-2024-60472025-05-07
Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

U.S. CISA adds GoVision device flaws to its Known Exploited Vulnerabilities catalog
Pierluigi Paganini2025-05-08
U.S. CISA adds GoVision device flaws to its Known Exploited Vulnerabilities catalog | U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds GoVision device flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: According to Binding Operational Directive […] U.S. Cybersecurity and Infrastructure
securityaffairs.co
rss
forum
news
CVE-2024-6047 | GeoVision GVLX 4 V3 os command injection
vuldb.com2025-05-07
CVE-2024-6047 | GeoVision GVLX 4 V3 os command injection | A vulnerability was found in GeoVision GV_DSP_LPR_V2, GV_IPCAMD_GV_BX1500, GV_IPCAMD_GV_CB220, GV_IPCAMD_GV_EBL1100, GV_IPCAMD_GV_EFD1100, GV_IPCAMD_GV_FD2410, GV_IPCAMD_GV_FD3400, GV_IPCAMD_GV_FE3401, GV_IPCAMD_GV_FE420, GV-VS14_VS14, GV_VS03, GV_VS2410, GV_VS28XX, GV_VS216XX, GV VS04A, GV VS04H, GVLX 4 V2 and GVLX 4 V3. It has been rated as very critical</a
vuldb.com
rss
forum
news
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA2025-05-07
CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA has added two new vulnerabilities to its&nbsp;Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. <a class="fui-Link ___1q1shib f2hkw1w f3rmtva f1ewtqcl fyind8e f1k6fduh f1w7gpdv fk6fouc fjoy568 figsok6 f1s184ao f1mk8lai fnbmjn9 f1o700av f13mvf36 f1cmlufx f9n3di6 f1ids18y f1tx3yz7 f1deo86v f1eh06m1 f1iescvh fhgqx19 f1olyrje f1p93eir f1nev41a f1h8hb77 f1lqvz6u f10aw75t fsle3fq f17ae5zn" href="https://www.cve.org/CVERecord?id=CVE-2024-6047" rel="noreferrer noopener" target="_blank" title
cisa.gov
rss
forum
news
Mirai Botnet Actively Exploiting GeoVision IoT Devices Command Injection Vulnerabilities
Tushar Subhra Dutta2025-05-07
Mirai Botnet Actively Exploiting GeoVision IoT Devices Command Injection Vulnerabilities | The cybersecurity landscape has once again been disrupted by the resurgence of the notorious Mirai botnet, which has been actively exploiting command injection vulnerabilities in discontinued GeoVision Internet of Things (IoT) devices. This latest campaign leverages two critical vulnerabilities-CVE-2024-6047 and CVE-2024-11120-that were initially disclosed in June and November 2024 respectively, but had remained unexploited until [&#8230;] The post Mirai Botnet Actively Exploiting GeoVision IoT Devices Command Injection Vulnerabilities
cybersecuritynews.com
rss
forum
news
Mirai Botnet Actively Targeting GeoVision IoT Devices for Command Injection Exploits
Aman Mishra2025-05-07
Mirai Botnet Actively Targeting GeoVision IoT Devices for Command Injection Exploits | The Akamai Security Intelligence and Response Team (SIRT) has identified active exploitation of command injection vulnerabilities in discontinued GeoVision Internet of Things (IoT) devices. The vulnerabilities, tracked as CVE-2024-6047 and CVE-2024-11120, were initially disclosed in June and November 2024, respectively, but had limited public information until now. Akamai SIRT first detected suspicious activity targeting these [&#8230;] The post Mirai Botnet Actively Targeting GeoVision IoT Devices for Command Injection Exploits
gbhackers.com
rss
forum
news

Social Media

⚠️ Vulnerability Alert: GeoVision Devices OS Command Injection Vulnerabilities Added to CISA KEV 📅 Timeline: Disclosure: 2024-06-17, Patch: TBD 🆔cveId: CVE-2024-6047 📊baseScore: 9.8 📏cvssMetrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvssSeverity:
0
0
0
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-6047 #GeoVision Devices OS Command Injection Vulnerability https://t.co/ChLlWcx4Xy
0
0
0
CISA has added two critical GeoVision vulnerabilities (CVE-2024-6047, CVE-2024-11120) to its Known Exploited Vulnerabilities Catalog. These flaws are under active attack—federal agencies must patch within 2 weeks, all orgs should prioritize. Details: https://t.co/vZV44tXbMa
0
0
0
🛡️ We added GeoVision OS command injection vulnerabilities CVE-2024-6047 &amp; CVE-2024-11120 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf &amp; apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/y4502KMUiT
1
6
12
CISACyber RT: 🛡️ We added GeoVision OS command injection vulnerabilities CVE-2024-6047 &amp; CVE-2024-11120 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/bLjkLHuWBi &amp; apply mitigations to protect your org from cyberattacks. #Cybersec… https://t.co/rZDamG0aLt
0
0
0
See details and IOCs of Akamai SIRT’s discovery of active exploitation of the command injection vulnerabilities CVE-2024-6047 and CVE-2024-11120. Learn more. https://t.co/EFtnKu1WnV https://t.co/mHFY2yAIMR
0
1
3
Threat actors are exploiting security flaws in GeoVision IoT devices (CVE-2024-6047, CVE-2024-11120) to form a Mirai botnet for DDoS attacks, first noted by Akamai in April 2025. The vulnerabilities allow command injection via the /DateSetting. https://t.co/kOibHNTwXh
0
0
0
See details and IOCs of @Akamai SIRT’s discovery of active exploitation of the command injection vulnerabilities CVE-2024-6047 and CVE-2024-11120. Learn more. #AkamaiSecurity https://t.co/EHs8J0bMgH https://t.co/lQAcoJnv0C
0
0
0
See details and IOCs of @Akamai SIRT’s discovery of active exploitation of the command injection vulnerabilities CVE-2024-6047 and CVE-2024-11120. Learn more. #AkamaiSecurity https://t.co/zuSKV63u20 https://t.co/7JD4nIYW1x
0
0
0
🗣️ Botnet Exploits Old GeoVision IoT Devices via CVE-2024-6047 &amp; CVE-2024-11120 https://t.co/cZNWbrLWPB
0
0
0

Affected Software

No affected software found for this CVE

References

ReferenceLink
[email protected]https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html
[email protected]https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html
134C704F-9B21-4F2E-91B3-4A467353BCC0https://www.akamai.com/blog/security-research/active-exploitation-mirai-geovision-iot-botnet
AF854A3A-2127-422B-91AE-364DA2661108https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html
AF854A3A-2127-422B-91AE-364DA2661108https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html
[email protected]https://www.twcert.org.tw/en/cp-139-7884-c5a8b-2.html
[email protected]https://www.twcert.org.tw/tw/cp-132-7883-f5635-1.html

CWE Details

CWE IDCWE NameDescription
CWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence