CVE-2026-12846: CWE-121 Stack-based buffer overflow in GeoVision Inc. GV-I/O Box 4E
GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with it. Upon receiving a UDP message, the server reads at most 1460 bytes into a local buffer and a pointer to the buffer is stored in a global variable: #### Net Mask field stack overflow The following code is vulnerable to a stack overflow that is attacker-controlled: v6 = strlen(g_network_config->net_mask); memcpy(&reply_buf[184], g_network_config->net_mask, v6);
AI Analysis
Technical Summary
The GV-I/O Box 4E device runs a DVRSearch service that listens for UDP messages on port 10001. When processing these messages, the service reads up to 1460 bytes into a local buffer and stores a pointer to this buffer globally. The vulnerability arises from a stack-based buffer overflow triggered by copying the Net Mask field into a fixed buffer at offset 184 without validating its length. This overflow is attacker-controlled, enabling potential arbitrary code execution. The affected version is exactly 2.09. The CVSS v3.1 base score is 10.0, reflecting network attack vector, no required privileges or user interaction, and complete confidentiality, integrity, and availability impact.
Potential Impact
Successful exploitation of this vulnerability can lead to remote code execution with full system privileges on the affected device. This compromises confidentiality, integrity, and availability of the device and potentially the network it is connected to. Given the device controls physical inputs and relay outputs, exploitation could have safety and operational impacts.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or workaround is currently documented. Until a patch is available, restrict network access to the DVRSearch service on UDP port 10001 to trusted users only to reduce exposure.
CVE-2026-12846: CWE-121 Stack-based buffer overflow in GeoVision Inc. GV-I/O Box 4E
Description
GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with it. Upon receiving a UDP message, the server reads at most 1460 bytes into a local buffer and a pointer to the buffer is stored in a global variable: #### Net Mask field stack overflow The following code is vulnerable to a stack overflow that is attacker-controlled: v6 = strlen(g_network_config->net_mask); memcpy(&reply_buf[184], g_network_config->net_mask, v6);
CVSS v3.1
Score 10.0critical
Affected software
pkg:github/geovisioninc/GV-I-O-Box-4ERun on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The GV-I/O Box 4E device runs a DVRSearch service that listens for UDP messages on port 10001. When processing these messages, the service reads up to 1460 bytes into a local buffer and stores a pointer to this buffer globally. The vulnerability arises from a stack-based buffer overflow triggered by copying the Net Mask field into a fixed buffer at offset 184 without validating its length. This overflow is attacker-controlled, enabling potential arbitrary code execution. The affected version is exactly 2.09. The CVSS v3.1 base score is 10.0, reflecting network attack vector, no required privileges or user interaction, and complete confidentiality, integrity, and availability impact.
Potential Impact
Successful exploitation of this vulnerability can lead to remote code execution with full system privileges on the affected device. This compromises confidentiality, integrity, and availability of the device and potentially the network it is connected to. Given the device controls physical inputs and relay outputs, exploitation could have safety and operational impacts.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or workaround is currently documented. Until a patch is available, restrict network access to the DVRSearch service on UDP port 10001 to trusted users only to reduce exposure.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GV
- Date Reserved
- 2026-06-22T00:26:45.854Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a3b667deed863c81e4ac19a
Added to database: 06/24/2026, 05:09:17 UTC
Last enriched: 06/24/2026, 05:24:26 UTC
Last updated: 06/24/2026, 19:10:14 UTC
Views: 8
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.