Stack Overflow Vulnerability in GV-I/O Box 4E by GeoVision
CVE-2026-12847

10 CRITICAL

Key Information:

Vendor
CVE Published: 24 June 2026

What is CVE-2026-12847?

The GV-I/O Box 4E is a smart embedded device that allows control over Ethernet and RS-485. A critical vulnerability exists in its DVRSearch service, which by default listens for UDP messages on port 10001. Any user on the network can therefore send messages to the service, including maliciously crafted UDP inputs. The vulnerability arises from the server's buffer management: the server reads data into a local buffer without adequate size checks, leading to an exploitable stack overflow condition. Attackers could exploit this vulnerability to overwrite adjacent memory and execute arbitrary code, posing serious security risks.
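The bug class described above, shown as an added illustration (not GeoVision's code and not taken from the advisory): a datagram handler that copies into a local buffer, first without and then with size checks. The message layout, buffer size and function names are hypothetical and constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF 32  /* hypothetical size of the handler's local buffer */

/* Hypothetical datagram layout, constructed for this example:
 * byte 0 = declared payload length, bytes 1..n = payload. */

/* Unsafe pattern, for contrast only: the copy length comes from the
 * sender and is never compared with the buffer or the datagram size. */
int handle_unchecked(const uint8_t *pkt, size_t pkt_len, char *out) {
    char name[NAME_BUF] = {0};
    (void)pkt_len;
    memcpy(name, pkt + 1, pkt[0]);      /* up to 255 bytes into 32 */
    memcpy(out, name, sizeof(name));
    return (int)pkt[0];
}

/* Checked form: returns the payload length, or -1 if rejected. */
int handle_checked(const uint8_t *pkt, size_t pkt_len, char *out, size_t out_sz) {
    char name[NAME_BUF];
    if (pkt == NULL || out == NULL || pkt_len < 1)
        return -1;
    size_t n = pkt[0];
    if (n > pkt_len - 1)                /* claims more bytes than arrived */
        return -1;
    if (n >= sizeof(name) || n >= out_sz)   /* no room for data + NUL */
        return -1;
    memcpy(name, pkt + 1, n);
    name[n] = '\0';
    memcpy(out, name, n + 1);
    return (int)n;
}

int main(void) {
    const uint8_t ok[] = {3, 'c', 'a', 'm'};          /* constructed input */
    uint8_t oversized[201];
    char out[NAME_BUF];
    memset(oversized, 'A', sizeof(oversized));
    oversized[0] = 200;                               /* longer than NAME_BUF */
    printf("ok: %d\n", handle_checked(ok, sizeof(ok), out, sizeof(out)));
    printf("oversized: %d\n",
           handle_checked(oversized, sizeof(oversized), out, sizeof(out)));
    return 0;
}
```

The checked handler rejects a datagram whose declared length exceeds either the bytes actually received or the space in the local buffer, so a single-byte length field can no longer drive the copy past the end of `name`.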

Affected Version(s)

GV-I/O Box 4E Linux V2.09

GV-I/O Box 4E Linux v2.12

References

CVSS V3.1

Score: 10
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Philippe Laulheret of Cisco Talos
Kelly Patterson of Cisco Talos
Robert Sherwin of Cisco Talos