CVE-2026-42370
GeoVision · GV-VMS
A stack overflow in the WebCam Server Login functionality of GeoVision GV-VMS 20.0.2 allows unauthenticated remote attackers to achieve arbitrary code execution.
Executive summary
A critical stack overflow vulnerability in the GeoVision GV-VMS WebCam Server allows unauthenticated attackers to execute arbitrary code via a crafted HTTP request.
Vulnerability
The flaw is a stack overflow in the WebCam Server's login handling. Because the vulnerable code path is reached before any credentials are validated, an attacker who can reach the WebCam Server over HTTP can trigger the overflow with a single crafted, unauthenticated request and potentially execute arbitrary code in the context of the server process.
Business impact
The CVSS score of 9.0 places this flaw in the Critical range. Successful exploitation gives the attacker control of the GV-VMS host, which could mean unauthorized access to live and recorded video, disruption of surveillance, or use of the server as a foothold for lateral movement into the rest of the network.
Remediation
Immediate Action: Upgrade GeoVision GV-VMS to the release the vendor identifies as fixing this issue; the affected version listed here is 20.0.2, so check the vendor advisory for the exact patched release rather than assuming any newer build is safe.
Proactive Monitoring: Watch for unusual traffic to the WebCam Server login endpoint, in particular requests with unusually long fields or bodies, repeated malformed login attempts from a single source, and crashes or unexpected restarts of the WebCam Server process, which are typical side effects of a failed overflow attempt.
Compensating Controls: Until the patch is applied, place the WebCam Server interface behind a WAF or reverse proxy that limits request and header sizes and restricts access to known management addresses, and remove any direct exposure of the interface to the Internet. These controls reduce exposure but do not remove the vulnerability.
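The monitoring and size-limit points above are easy to turn into a first-pass detector. The following is an added example written for this page, not code from GeoVision or from the advisory. It runs over a few constructed access-log lines in a simple space-separated format (client, timestamp, request line, status, request length in bytes) and raises an alert for two things: a login request whose size is far beyond what a credential POST needs, and a burst of 5xx responses on the login path that suggests the server process is crashing. The login path `/webcam/login`, the 4096-byte size threshold and the burst window are assumptions for the example; substitute the real endpoint and sizes observed in your own deployment.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Assumed values for this example (not taken from the vendor advisory):
# confirm the real login path and a sane request size for your deployment.
LOGIN_PATH = "/webcam/login"
MAX_LOGIN_REQUEST_BYTES = 4096        # a legitimate credential POST is small
CRASH_WINDOW = timedelta(seconds=60)  # look for 5xx bursts inside this window
CRASH_THRESHOLD = 3                   # 5xx responses on the login path per window

# Constructed log format: <ip> [<timestamp>] "<METHOD> <path> HTTP/x.y" <status> <request_bytes>
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<req_bytes>\d+)$'
)

# Constructed sample lines: one normal login, then an attacker host sending
# oversized login requests that make the server return 5xx repeatedly.
SAMPLE_LOG = """\
10.0.0.5 [12/Mar/2026:10:00:01 +0000] "POST /webcam/login HTTP/1.1" 200 512
203.0.113.7 [12/Mar/2026:10:00:02 +0000] "POST /webcam/login HTTP/1.1" 500 9100
203.0.113.7 [12/Mar/2026:10:00:04 +0000] "POST /webcam/login HTTP/1.1" 500 9100
10.0.0.5 [12/Mar/2026:10:00:05 +0000] "GET /webcam/live HTTP/1.1" 200 300
203.0.113.7 [12/Mar/2026:10:00:09 +0000] "POST /webcam/login HTTP/1.1" 502 0
"""


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["req_bytes"] = int(rec["req_bytes"])
    rec["path"] = rec["path"].split("?", 1)[0]  # ignore the query string when matching
    return rec


def find_alerts(lines):
    """Return a list of (alert_type, client_ip, value) tuples for the login path."""
    alerts = []
    recent_5xx = deque()  # timestamps of recent 5xx responses on the login path
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["path"] != LOGIN_PATH:
            continue
        # Rule 1: a login request far larger than any real credential submission.
        if rec["req_bytes"] > MAX_LOGIN_REQUEST_BYTES:
            alerts.append(("oversized_login_request", rec["ip"], rec["req_bytes"]))
        # Rule 2: repeated server errors on the login path within a short window,
        # the usual footprint of a crashing or restarting server process.
        if 500 <= rec["status"] <= 599:
            recent_5xx.append(rec["ts"])
            while recent_5xx and rec["ts"] - recent_5xx[0] > CRASH_WINDOW:
                recent_5xx.popleft()
            if len(recent_5xx) == CRASH_THRESHOLD:
                alerts.append(("login_5xx_burst", rec["ip"], len(recent_5xx)))
    return alerts


ALERTS = find_alerts(SAMPLE_LOG.splitlines())

if __name__ == "__main__":
    for alert in ALERTS:
        print(alert)
```

On the constructed input this yields two `oversized_login_request` alerts for 203.0.113.7 and one `login_5xx_burst` alert once the third 5xx lands inside the window. The size rule is the same idea as the WAF request-size limit: a login form has a known, small upper bound, so anything well beyond it deserves a look regardless of whether it succeeded.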
Exploitation status
Public Exploit Available: false
Analyst recommendation
Because exploitation requires no authentication and yields remote code execution, this vulnerability is a severe risk. Organizations should prioritize updating their GV-VMS deployments and ensure that the WebCam Server and other management interfaces are not reachable from untrusted networks.