A stack-based buffer overflow in the GV-VMS WebCam Server gvapi endpoint allows remote attackers to gain SYSTEM-level code execution via a specially c...
Description
A stack-based buffer overflow in the GV-VMS WebCam Server gvapi endpoint allows remote attackers to gain SYSTEM-level code execution via a specially crafted HTTP Authorization header.
AI Analyst Comment
Remediation
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
---METADATA---
VENDOR: GeoVision
PRODUCT: GV-VMS
AFFECTED_VERSIONS: V20
---END_METADATA---
Description Summary:
A stack-based buffer overflow in the GV-VMS WebCam Server gvapi endpoint allows remote attackers to gain SYSTEM-level code execution via a specially crafted HTTP Authorization header.
Executive Summary:
A critical stack-based buffer overflow in GeoVision GV-VMS allows unauthenticated remote attackers to achieve full code execution as SYSTEM due to the absence of ASLR.
Vulnerability Details
CVE-ID: CVE-2026-42369
Affected Software: GeoVision GV-VMS
Affected Versions: V20
Vulnerability: The vulnerability occurs in the
gvapiendpoint, which fails to perform bounds checking when processing base64-decoded strings from theHTTP Authorizationheader. This allows an attacker to overwrite the stack, leading to arbitrary code execution.Business Impact
Given the CVSS score of 10, this is a maximum-severity vulnerability. Exploitation allows an attacker to gain full control over the host running the GV-VMS service with SYSTEM privileges, enabling data theft, lateral movement, and complete compromise of the surveillance network.
Remediation Plan
Immediate Action: Apply the vendor-provided security update for GV-VMS V20 immediately.
Proactive Monitoring: Monitor for anomalous spikes in traffic to the
gvapiendpoint and review host logs for unauthorized binary execution or service crashes.Compensating Controls: If a patch cannot be applied, disable the "WebCam Server" feature if it is not strictly required for business operations.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of May 4, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
This vulnerability requires urgent remediation. The lack of ASLR in the affected component makes exploitation highly reliable; therefore, administrators must prioritize updating the GV-VMS software to prevent potential system-wide compromise.