PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-12847 GeoVision Inc. CVE debrief

CVE-2026-12847 is a critical stack-based buffer overflow in the GV-I/O Box 4E, a smart embedded device with four inputs and four relay outputs that can be controlled over Ethernet and RS-485. The vulnerability is in the DVRSearch service, which listens for UDP messages on port 10001 and runs by default on the I/O Box; any host that can reach the device over the network can send it messages without authenticating. On receiving a datagram, the service reads at most 1460 bytes into a local buffer and stores a pointer to that buffer in a global variable. The message is then processed with a memcpy whose length is taken from the attacker-controlled message, so a crafted datagram overflows the stack with attacker-chosen data. The vulnerability carries a CVSS score of 10 and a severity of CRITICAL. The CVE was published on 2026-06-24T05:17:26.587Z and last modified on 2026-06-25T14:02:35.347Z.

Vendor
GeoVision Inc.
Product
GV-I/O Box 4E
CVSS
CRITICAL 10
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-24
Original CVE updated
2026-06-25
Advisory published
2026-06-24
Advisory updated
2026-06-25

Who should care

Organizations operating the GV-I/O Box 4E should treat this as a priority patch: the flaw is reachable over the network without authentication, is triggered by a single crafted UDP datagram, and sits in a service that is enabled by default. Security teams and administrators responsible for embedded devices and network security should also take note, because a device that drives relay outputs can affect physical equipment as well as the network it sits on.

Technical summary

The DVRSearch service on the GV-I/O Box 4E runs by default and listens on UDP port 10001. It reads each incoming datagram (at most 1460 bytes) into a local buffer and then copies message data with memcpy using a length taken from the message itself, with no check that the length fits the destination stack buffer. An attacker who controls the datagram therefore controls both how far the copy runs past the end of the buffer and what it writes there, which can lead to arbitrary code execution on the device. The CVSS score of 10 reflects that the flaw is reachable over the network without authentication and has full impact on confidentiality, integrity, and availability.
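The pattern the summary describes, shown as an added example in C. This is not GeoVision's code and the wire format is an assumption made for the illustration (a two-byte big-endian length field followed by the payload; the real DVRSearch message layout is not in the stored evidence). The 1460-byte datagram limit comes from the page; the 64-byte on-stack field and the function names are hypothetical. The vulnerable handler hands the declared length straight to memcpy; the hardened one checks it against both the bytes actually received and the destination's capacity before copying.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* From the page: the service reads at most 1460 bytes per datagram. */
#define MAX_DGRAM 1460
/* Hypothetical size of the on-stack field the handler copies into (assumption). */
#define FIELD_MAX 64
/* Hypothetical wire format (assumption, not the real DVRSearch protocol):
 * two-byte big-endian payload length, then the payload. */
#define HDR_LEN 2

enum parse_rc { PARSE_OK = 0, PARSE_SHORT = -1, PARSE_TRUNCATED = -2, PARSE_TOO_LONG = -3 };

static uint16_t read_be16(const uint8_t *p) {
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Vulnerable pattern: the copy length comes from the packet and is never
 * compared with the destination size. A declared length above FIELD_MAX
 * smashes the stack; one above the received size also over-reads the
 * receive buffer. Only ever call this with a benign packet; it is here to
 * show the bug, not to be exercised with hostile input. */
size_t vulnerable_handle(const uint8_t *msg, size_t msg_len) {
    char field[FIELD_MAX];
    (void)msg_len;                            /* the bug: received size is ignored */
    uint16_t declared = read_be16(msg);
    memcpy(field, msg + HDR_LEN, declared);   /* attacker-controlled length */
    return declared;
}

/* Hardened handler: reject before copying if the declared length exceeds
 * either what was actually received or the destination's capacity. */
enum parse_rc hardened_handle(const uint8_t *msg, size_t msg_len,
                              char *out, size_t out_cap) {
    if (msg_len < HDR_LEN)
        return PARSE_SHORT;                   /* no complete header */
    uint16_t declared = read_be16(msg);
    if (declared > msg_len - HDR_LEN)
        return PARSE_TRUNCATED;               /* would read past the datagram */
    if (declared >= out_cap)
        return PARSE_TOO_LONG;                /* would write past the buffer (keep room for NUL) */
    memcpy(out, msg + HDR_LEN, declared);
    out[declared] = '\0';
    return PARSE_OK;
}

/* Constructed test datagram: header claims `declared` bytes, body carries
 * `body_len` bytes of 'A'. Capped at MAX_DGRAM like the page's receive path.
 * Returns the total datagram length. */
size_t make_packet(uint8_t *buf, uint16_t declared, size_t body_len) {
    if (body_len > MAX_DGRAM - HDR_LEN)
        body_len = MAX_DGRAM - HDR_LEN;
    buf[0] = (uint8_t)(declared >> 8);
    buf[1] = (uint8_t)(declared & 0xff);
    memset(buf + HDR_LEN, 'A', body_len);
    return HDR_LEN + body_len;
}

int main(void) {
    uint8_t dgram[MAX_DGRAM];
    char field[FIELD_MAX];

    /* Benign packet: 10-byte payload, honestly declared. Both handlers accept it. */
    size_t n = make_packet(dgram, 10, 10);
    printf("benign: vulnerable copies %zu bytes, hardened rc=%d\n",
           vulnerable_handle(dgram, n), hardened_handle(dgram, n, field, sizeof field));

    /* Hostile packet: full-size datagram claiming 1458 bytes. The hardened
     * handler rejects it; vulnerable_handle would write ~1.4 KB into a 64-byte stack buffer. */
    n = make_packet(dgram, MAX_DGRAM - HDR_LEN, MAX_DGRAM - HDR_LEN);
    printf("hostile: hardened rc=%d\n", hardened_handle(dgram, n, field, sizeof field));

    /* Lying header: declares 500 bytes but only 10 arrived. Rejected as truncated
     * before any read past the received data. */
    n = make_packet(dgram, 500, 10);
    printf("truncated: hardened rc=%d\n", hardened_handle(dgram, n, field, sizeof field));
    return 0;
}
```

The order of the two checks matters: comparing the declared length against the received size first guarantees the copy never reads beyond the bytes the socket actually delivered, and the capacity check then guarantees it never writes beyond the destination. Either check alone leaves one of the two bugs in place.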

Defensive priority

High. The flaw is reachable over the network without authentication, sits in a service that is on by default, and yields code execution on a device whose relay outputs can switch physical equipment. Organizations should patch as soon as a fix is available and, until then, isolate the device so that UDP port 10001 is reachable only from hosts that need it.

Recommended defensive actions

  • Apply the vendor's patch or firmware update as soon as one is available; the stored evidence does not name a fixed version, so confirm the fix with GeoVision before treating a unit as remediated.
  • Disable the DVRSearch service if it is not required. It is enabled by default, so verify the setting on each deployed unit rather than assuming it is off.
  • Segment the device onto a network where UDP port 10001 is reachable only from the hosts that need it, and block the port at network boundaries. Because UDP is connectionless, a source-address allow list alone can be spoofed, so prefer blocking the port outright wherever it is not needed.
  • Monitor for UDP traffic to port 10001, especially from unexpected sources. The overflow length is carried in the message rather than implied by its size, so small datagrams are not necessarily benign; a device crash or reboot shortly after such traffic is a typical sign of a stack overflow being triggered.
  • Use intrusion detection or prevention systems as a compensating control where the device cannot yet be patched or isolated.

Evidence notes

CVE-2026-12847 was discovered and reported by Talos Intelligence. The stored evidence establishes that the DVRSearch service runs by default on the GV-I/O Box 4E, listens for UDP messages on port 10001, reads at most 1460 bytes of each message into a local buffer whose pointer is kept in a global variable, and then performs a memcpy with a user-controlled length, which overflows the stack. The CVSS score is 10 (CRITICAL). The evidence does not include a fixed firmware version or a CISA KEV listing.

Official resources

This article is AI-assisted and based on the supplied source corpus.