
CVE-2026-12850: Critical Command Injection in GeoVision GV-I/O Box

CVE-2026-12850 is a critical OS command injection vulnerability (CWE-78) affecting the GeoVision GV-I/O Box, specifically version 4E 2.09. The flaw resides within the libNetSetObj.so shared object library, which manages network objects. Unauthenticated attackers can execute arbitrary system commands by injecting shell metacharacters into crafted inputs passed to the affected library. Successful exploitation grants full administrative access, enabling unauthorized control over connected physical security hardware, such as electronic locks and alarms, while providing a pivot point for lateral movement into sensitive security VLANs. Immediate firmware updates are required to neutralize this risk.

