CVE-2024-6047: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in GeoVision GV_DSP_LPR_V2
Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.
AI Analysis
Technical Summary
CVE-2024-6047 is an OS command injection vulnerability classified under CWE-78, affecting all versions of GeoVision's GV_DSP_LPR_V2 product, which is used in license plate recognition and surveillance systems. The vulnerability arises from improper neutralization of special elements in user-supplied input, allowing unauthenticated remote attackers to inject arbitrary OS commands. Because the affected devices are end-of-life (EOL), they likely lack vendor support and patches, increasing exposure. The vulnerability requires no authentication or user interaction, making exploitation straightforward over the network. Successful exploitation can lead to complete system compromise, including unauthorized access, data theft, device manipulation, or denial of service. The CVSS v3.1 score of 9.8 reflects the critical nature of this flaw, with attack vector network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction (UI:N). The scope is unchanged (S:U), but confidentiality, integrity, and availability impacts are all high (C:H/I:H/A:H). Although no known exploits are currently reported in the wild, the vulnerability's characteristics make it a prime target for attackers, especially in critical infrastructure and surveillance sectors. The lack of available patches necessitates alternative mitigation strategies to reduce risk.
Potential Impact
The impact of CVE-2024-6047 is severe for organizations using GeoVision GV_DSP_LPR_V2 devices, particularly those in security, law enforcement, transportation, and critical infrastructure sectors. Exploitation can lead to full system compromise, allowing attackers to execute arbitrary commands, potentially leading to data breaches, manipulation or disabling of surveillance systems, and disruption of security operations. This can undermine physical security, violate privacy regulations, and cause operational downtime. The vulnerability's unauthenticated remote exploitation capability increases the attack surface, enabling attackers to pivot into broader network environments. Organizations relying on these devices may face reputational damage, regulatory penalties, and financial losses if exploited. The EOL status of the devices complicates remediation, increasing the risk of persistent exploitation and long-term exposure. The vulnerability also poses risks to national security in countries where such devices are widely deployed in public safety and critical infrastructure monitoring.
Mitigation Recommendations
Given the absence of official patches due to the EOL status of the affected GeoVision devices, organizations should implement layered mitigation strategies. First, isolate vulnerable devices on segmented networks with strict access controls to limit exposure. Employ network-level filtering and firewall rules to restrict inbound traffic to only trusted sources. Disable or restrict the vulnerable functionality within GV_DSP_LPR_V2 if possible. Implement robust monitoring and logging to detect anomalous command execution or network activity indicative of exploitation attempts. Consider deploying intrusion detection/prevention systems (IDS/IPS) tuned to detect OS command injection patterns. Where feasible, replace EOL devices with supported alternatives that receive security updates. Conduct regular security assessments and penetration testing focused on these devices. Finally, educate security teams about this vulnerability to ensure rapid incident response if exploitation is suspected.
Affected Countries
United States, Taiwan, China, Japan, South Korea, Germany, United Kingdom, France, Australia, Canada
Technical Details
- Data Version: 5.1
- Assigner Short Name: twcert
- Date Reserved: 2024-06-17T02:00:24.960Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d9819c4522896dcbd89b2
Added to database: 5/21/2025, 9:08:41 AM
Last enriched: 2/28/2026, 3:42:54 AM
Last updated: 3/24/2026, 11:18:41 AM