Buffer Overflow Vulnerability in GV-I/O Box 4E Smart Device from GeoVision
CVE-2026-12485

10 CRITICAL

Key Information:

Vendor
CVE Published: 24 June 2026

What is CVE-2026-12485?

The GV-I/O Box 4E, a smart embedded device for controlling inputs and relays over Ethernet and RS-485, has a buffer overflow vulnerability. The weakness is in the DVRSearch service, which by default listens for UDP messages on port 10001. Unauthorized users on the same network can exploit this service by sending malicious UDP messages that exceed the fixed size of a local buffer. The device's response mechanism processes these messages, potentially leading to unauthorized access and manipulation of device operations, thus compromising system integrity. Proper security measures must be taken to mitigate the risks associated with this vulnerability.

Affected Version(s)

GV-I/O Box 4E Linux V2.09

GV-I/O Box 4E Linux v2.12

CVSS V3.1

Score: 10
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Philippe Laulheret of Cisco Talos
Kelly Patterson of Cisco Talos
Robert Sherwin of Cisco Talos