Geovision Inc Gv-I O Box 4E vulnerabilities
8 known vulnerabilities affecting geovision_inc/gv-i_o_box_4e.
Total CVEs
8
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL8
Vulnerabilities
Page 1 of 1
CVE-2026-12486P2CRITICALCVSS 9.1vV2.092026-06-24
CVE-2026-12486 [CRITICAL] CWE-78 CVE-2026-12486: Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVisio
Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability.
`libNetSetObj.so` is an internal library used by various binaries on the device to configu
nvd
CVE-2026-12851P2CRITICALCVSS 9.1vV2.092026-06-24
CVE-2026-12851 [CRITICAL] CWE-78 CVE-2026-12851: Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVisio
Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability.
`libNetSetObj.so` is an internal library used by various binaries on the device to configu
nvd
CVE-2026-12485P2CRITICALCVSS 10.0vV2.092026-06-24
CVE-2026-12485 [CRITICAL] CWE-121 CVE-2026-12485: GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled ove
GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485.
DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with it.
Upon receiving a UDP message, the server reads
nvd
CVE-2026-12847P2CRITICALCVSS 10.0vV2.092026-06-24
CVE-2026-12847 [CRITICAL] CWE-121 CVE-2026-12847: GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled ove
GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485.
DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with it.
Upon receiving a UDP message, the server reads
nvd
CVE-2026-12850P2CRITICALCVSS 9.1vV2.092026-06-24
CVE-2026-12850 [CRITICAL] CWE-78 CVE-2026-12850: Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVisio
Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability.
`libNetSetObj.so` is an internal library used by various binaries on the device to configu
nvd
CVE-2026-12849P2CRITICALCVSS 9.1vV2.092026-06-24
CVE-2026-12849 [CRITICAL] CWE-78 CVE-2026-12849: Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVisio
Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability.
`libNetSetObj.so` is an internal library used by various binaries on the device to configu
nvd
CVE-2026-12846P2CRITICALCVSS 10.0vV2.092026-06-24
CVE-2026-12846 [CRITICAL] CWE-121 CVE-2026-12846: GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled ove
GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485.
DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with it.
Upon receiving a UDP message, the server reads
nvd
CVE-2026-12848P2CRITICALCVSS 10.0vV2.092026-06-24
CVE-2026-12848 [CRITICAL] CWE-121 CVE-2026-12848: GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled ove
GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485.
DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with it.
Upon receiving a UDP message, the server reads
nvd