CVE-2026-7372: CWE-787 Out-of-bounds write in GeoVision Inc. GV-VMS V20.0.2
A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. #### Stack-overflow via unconstrained sscanf The call to `sscanf` at [1] to split the `Buffer` variable into the `username` and `password` variables doesn't limit the size of the extracted content to match the destination buffers' sizes. In this case, if either the username or password decoded from the authorization string exceeds `40` characters (the size the stack variables `username` and `password`) then a stack overflow will occur. The data is controlled by an attacker, but sronger constraints (e.g. no null bytes) may make exploitation harder. A successful attack could lead to full code execution as SYSTEM on the machine running the service.
AI Analysis
Technical Summary
The vulnerability in GeoVision GV-VMS V20.0.2 is caused by a stack overflow in the WebCam Server Login feature due to improper bounds checking in sscanf calls that parse the username and password from an HTTP authorization string. The username and password buffers are 40 characters in size, but sscanf does not limit input length, allowing an attacker to overflow the stack by sending a specially crafted HTTP request with oversized credentials. Exploitation could result in full SYSTEM-level code execution on the host running the service. The vulnerability is unauthenticated and network accessible, but has a high attack complexity due to input constraints such as null byte restrictions.
Potential Impact
Successful exploitation allows an unauthenticated remote attacker to execute arbitrary code with SYSTEM privileges on the affected system. This can lead to full compromise of the machine running the GV-VMS service, including confidentiality, integrity, and availability impacts. The CVSS v3.1 score is 9.0 (critical), reflecting network attack vector, no privileges required, no user interaction, and complete system compromise.
Mitigation Recommendations
Patch status is not yet confirmed — no official fix or vendor advisory is currently available. Users should monitor GeoVision's official channels for updates and apply any forthcoming patches promptly. Until a fix is released, consider restricting network access to the WebCam Server Login interface to trusted hosts only to reduce exposure.
CVE-2026-7372: CWE-787 Out-of-bounds write in GeoVision Inc. GV-VMS V20.0.2
Description
A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. #### Stack-overflow via unconstrained sscanf The call to `sscanf` at [1] to split the `Buffer` variable into the `username` and `password` variables doesn't limit the size of the extracted content to match the destination buffers' sizes. In this case, if either the username or password decoded from the authorization string exceeds `40` characters (the size the stack variables `username` and `password`) then a stack overflow will occur. The data is controlled by an attacker, but sronger constraints (e.g. no null bytes) may make exploitation harder. A successful attack could lead to full code execution as SYSTEM on the machine running the service.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability in GeoVision GV-VMS V20.0.2 is caused by a stack overflow in the WebCam Server Login feature due to improper bounds checking in sscanf calls that parse the username and password from an HTTP authorization string. The username and password buffers are 40 characters in size, but sscanf does not limit input length, allowing an attacker to overflow the stack by sending a specially crafted HTTP request with oversized credentials. Exploitation could result in full SYSTEM-level code execution on the host running the service. The vulnerability is unauthenticated and network accessible, but has a high attack complexity due to input constraints such as null byte restrictions.
Potential Impact
Successful exploitation allows an unauthenticated remote attacker to execute arbitrary code with SYSTEM privileges on the affected system. This can lead to full compromise of the machine running the GV-VMS service, including confidentiality, integrity, and availability impacts. The CVSS v3.1 score is 9.0 (critical), reflecting network attack vector, no privileges required, no user interaction, and complete system compromise.
Mitigation Recommendations
Patch status is not yet confirmed — no official fix or vendor advisory is currently available. Users should monitor GeoVision's official channels for updates and apply any forthcoming patches promptly. Until a fix is released, consider restricting network access to the WebCam Server Login interface to trusted hosts only to reduce exposure.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GV
- Date Reserved
- 2026-04-28T23:12:55.269Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69f7f4d3cbff5d86108d835a
Added to database: 5/4/2026, 1:22:27 AM
Last enriched: 5/4/2026, 1:36:24 AM
Last updated: 5/4/2026, 2:24:59 AM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.