PatchSiren cyber security CVE debrief
CVE-2026-12851 GeoVision Inc. CVE debrief
CVE-2026-12851 is a critical vulnerability in GeoVision GV-I/O Box 4E 2.09, involving multiple OS command injection vulnerabilities in the libNetSetObj.so library. This library is used by various binaries to configure the network stack. An attacker can exploit this vulnerability by sending a specially crafted network packet to trigger command execution. The vulnerability exists in the CNetSetObj::m_F_n_Set_DNS_Addr function, which performs no sanitization on input and then calls system. This function is reachable from both the network-exposed DVRSearch service and the Network.cgi endpoint. To address this vulnerability, defenders should prioritize patching and updating affected systems. Additionally, monitoring network traffic for suspicious activity and implementing compensating controls can help mitigate potential risks.
- Vendor: GeoVision Inc.
- Product: GV-I/O Box 4E
- CVSS: CRITICAL 9.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-24
- Original CVE updated: 2026-06-25
- Advisory published: 2026-06-24
- Advisory updated: 2026-06-25
Who should care
Organizations using GeoVision GV-I/O Box 4E 2.09 should prioritize patching this vulnerability to prevent potential command injection attacks. Network administrators and security teams responsible for managing and securing network devices should be aware of this critical vulnerability and take immediate action to protect their systems.
Technical summary
The libNetSetObj.so library used in GeoVision GV-I/O Box 4E 2.09 contains multiple OS command injection vulnerabilities. Specifically, the CNetSetObj::m_F_n_Set_DNS_Addr function takes up to two addresses, performs no sanitization, and then calls system. This allows an attacker to inject commands via specially crafted network packets. The function is accessible from both the DVRSearch service and the Network.cgi endpoint, increasing the attack surface. The vulnerability has a CVSS score of 9.1 and is classified as CRITICAL.
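The fix for this class of bug is to accept only strict address literals and to keep the values away from a shell entirely. The following is an added example, not GeoVision's code: the function names, the IPv4-only restriction and the resolv.conf-style output are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: returns 1 only for a canonical dotted-quad IPv4 literal. */
static int is_ipv4_literal(const char *s)
{
    struct in_addr a;
    char canon[INET_ADDRSTRLEN];

    if (s == NULL || strlen(s) >= INET_ADDRSTRLEN)
        return 0;
    /* inet_pton rejects anything that is not digits and dots, including
     * spaces, quotes, ';', '$', backticks and trailing newlines. */
    if (inet_pton(AF_INET, s, &a) != 1)
        return 0;
    /* Round-trip so only the canonical text form is accepted. */
    if (inet_ntop(AF_INET, &a, canon, sizeof canon) == NULL)
        return 0;
    return strcmp(s, canon) == 0;
}

/*
 * Hypothetical hardened DNS setter (assumes the setting ends up in a
 * resolv.conf-style file). Takes up to two addresses, validates both, and
 * formats the file content directly; no shell or system() is involved.
 * dns2 may be NULL. Returns bytes written, or -1 on invalid input or
 * insufficient space, leaving out as an empty string.
 */
int build_resolv_conf(const char *dns1, const char *dns2, char *out, size_t outlen)
{
    int n;

    if (out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';
    if (!is_ipv4_literal(dns1) || (dns2 != NULL && !is_ipv4_literal(dns2)))
        return -1;
    if (dns2 != NULL)
        n = snprintf(out, outlen, "nameserver %s\nnameserver %s\n", dns1, dns2);
    else
        n = snprintf(out, outlen, "nameserver %s\n", dns1);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';
        return -1;
    }
    return n;
}
```

Validation belongs in the library function itself rather than in each caller, since the page notes the same function is reachable from more than one entry point.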
Defensive priority
High priority should be given to patching and updating affected GeoVision GV-I/O Box 4E 2.09 systems to prevent exploitation of this critical vulnerability. Implementing network monitoring and compensating controls can also help mitigate potential risks.
Recommended defensive actions
- Apply patches and updates provided by the vendor to address the vulnerability.
- Monitor network traffic for suspicious activity related to the DVRSearch service and Network.cgi endpoint.
- Implement compensating controls, such as restricting access to the affected systems and services.
- Perform regular vulnerability assessments and penetration testing to identify potential weaknesses.
- Enhance incident response plans to quickly respond to potential exploitation attempts.
Evidence notes
The CVE-2026-12851 vulnerability details are based on information from official sources, including CVE.org and the National Vulnerability Database (NVD). Additional information was obtained from Talos Intelligence and GeoVision's official website. The vulnerability has been publicly disclosed and is considered critical due to its high CVSS score of 9.1.
Official resources
- CVE-2026-12851 CVE record (CVE.org)
- CVE-2026-12851 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: 0df08a0e-a200-4957-9bb0-084f562506f9
This article is AI-assisted and based on the supplied source corpus.