PatchSiren cyber security CVE debrief
CVE-2026-42370 GeoVision Inc. CVE debrief
A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.
- Vendor
- GeoVision Inc.
- Product
- GV-VMS V20.0.2
- CVSS
- CRITICAL 9
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-04
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-05-04
- Advisory updated
- 2026-06-15
Who should care
Users of GeoVision GV-VMS V20 20.0.2
Technical summary
A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. This vulnerability allows an attacker to execute arbitrary code on the affected system.
Defensive priority
high
Recommended defensive actions
- Apply the latest security patches from the vendor.
- Restrict access to the WebCam Server Login functionality.
- Monitor for suspicious activity.
Evidence notes
CVE-2026-42370 has a CVSS score of 9 and is considered CRITICAL.
Official resources
-
CVE-2026-42370 CVE record
CVE.org
-
CVE-2026-42370 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
0df08a0e-a200-4957-9bb0-084f562506f9 - Third Party Advisory
-
Mitigation or vendor reference
0df08a0e-a200-4957-9bb0-084f562506f9 - Vendor Advisory
-
Source reference
af854a3a-2127-422b-91ae-364da2661108
CVE-2026-42370 was published on 2026-05-04T01:16:04.310Z and modified on 2026-06-15T21:16:53.727Z.