🔴 CVE-2024-11120

Critical OS command injection vulnerability in GeoVision video surveillance and license plate recognition devices that allows unauthenticated remote attackers to execute arbitrary system commands. The vulnerability is being actively exploited in the wild, and the affected devices are end-of-life with no patches available.

Risk Level: HIGH_RISK
CVSS Score: 9.8
Attack Vector: NETWORK
ATT&CK Tactic: Initial Access
ATT&CK Technique: T1190 - Exploit Public-Facing Application
Deployment Risk: HIGH
Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2024-11-15

Added to CISA KEV: 2025-05-07 (173 days between CVE publication and KEV addition)

🎯 Recommendations:

πŸ” Web Intelligence (Kagi Β· 2026-06-04)

CVE-2024-11120 is a critical security vulnerability affecting certain end-of-life (EOL) GeoVision IoT surveillance devices [2].

Vulnerability Overview
  • Type: OS Command Injection [1].
  • Root Cause: The vulnerability stems from insufficient input validation within the affected devices [2].
  • Impact: Successful exploitation allows an unauthenticated, remote attacker to inject and execute arbitrary system commands on the target device [1] [2].
Exploitation and Threat Landscape
  • Active Exploitation: This vulnerability is included in the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) Catalog, indicating that it is being actively exploited in the wild [1].
  • Requirements: Exploitation is remote and does not require authentication or user interaction [1] [2].
Affected Products and Mitigation
  • Affected Products: The vulnerability affects various EOL GeoVision IoT surveillance devices, including the DSP LPR, Video Server, and DVR product lines [2].
  • Status: Because these devices are end-of-life, they no longer receive security updates or patches from the manufacturer. Users are generally advised to replace these devices or isolate them from the network to mitigate the risk of exploitation. Further guidance can be found by consulting CISA’s Binding Operational Directive (BOD) 22-01 and the Known Exploited Vulnerabilities Catalog [1].

Sources

  1. NVD, "CVE-2024-11120 Detail": Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute ... This CVE is in CISA's Known Exploited Vulnerabilities Catalog. Reference CISA's BOD 22-01 and Known Exploited Vulnerabilities Catalog for…

  2. Armis, "EOL GeoVision devices - OS Command Injection vulnerability": CVE-2024-11120 is a critical OS Command Injection vulnerability affecting certain end-of-life (EOL) GeoVision IoT surveillance devices, including the DSP LPR, V…