CVE-2026-7372: CWE-787 Out-of-bounds write in GeoVision Inc. GV-VMS V20.0.2
A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. #### Stack-overflow via unconstrained sscanf The call to `sscanf` at [1] to split the `Buffer` variable into the `username` and `password` variables doesn't limit the size of the extracted content to match the destination buffers' sizes. In this case, if either the username or password decoded from the authorization string exceeds `40` characters (the size the stack variables `username` and `password`) then a stack overflow will occur. The data is controlled by an attacker, but sronger constraints (e.g.no null bytes) may make exploitation harder. A successful attack could lead to full code execution as SYSTEM on the machine running the service.
AI Analysis
Technical Summary
The vulnerability in GeoVision GV-VMS V20.0.2 is caused by a stack overflow due to improper bounds checking in the sscanf call used to parse the username and password from an HTTP authorization string. The username and password buffers are limited to 40 characters, but the sscanf call does not enforce this limit, allowing an attacker to overflow the stack by providing longer input. This can result in arbitrary code execution with SYSTEM-level privileges. The vulnerability can be exploited via an unauthenticated HTTP request to the WebCam Server Login functionality. The CVSS 3.1 vector indicates network attack vector, high attack complexity, no privileges required, no user interaction, scope change, and high impact on confidentiality, integrity, and availability.
Potential Impact
Successful exploitation allows an unauthenticated attacker to execute arbitrary code on the affected system with SYSTEM privileges, potentially leading to full system compromise. The vulnerability affects confidentiality, integrity, and availability of the system running GeoVision GV-VMS 20.0.2. No known exploits are currently reported in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict network access to the WebCam Server Login interface to trusted users only and monitor for suspicious HTTP requests attempting to exploit this vulnerability. Avoid exposing the affected service directly to untrusted networks.
CVE-2026-7372: CWE-787 Out-of-bounds write in GeoVision Inc. GV-VMS V20.0.2
Description
A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. #### Stack-overflow via unconstrained sscanf The call to `sscanf` at [1] to split the `Buffer` variable into the `username` and `password` variables doesn't limit the size of the extracted content to match the destination buffers' sizes. In this case, if either the username or password decoded from the authorization string exceeds `40` characters (the size the stack variables `username` and `password`) then a stack overflow will occur. The data is controlled by an attacker, but sronger constraints (e.g.no null bytes) may make exploitation harder. A successful attack could lead to full code execution as SYSTEM on the machine running the service.
CVSS v3.1
Score 9.0critical
Affected software
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability in GeoVision GV-VMS V20.0.2 is caused by a stack overflow due to improper bounds checking in the sscanf call used to parse the username and password from an HTTP authorization string. The username and password buffers are limited to 40 characters, but the sscanf call does not enforce this limit, allowing an attacker to overflow the stack by providing longer input. This can result in arbitrary code execution with SYSTEM-level privileges. The vulnerability can be exploited via an unauthenticated HTTP request to the WebCam Server Login functionality. The CVSS 3.1 vector indicates network attack vector, high attack complexity, no privileges required, no user interaction, scope change, and high impact on confidentiality, integrity, and availability.
Potential Impact
Successful exploitation allows an unauthenticated attacker to execute arbitrary code on the affected system with SYSTEM privileges, potentially leading to full system compromise. The vulnerability affects confidentiality, integrity, and availability of the system running GeoVision GV-VMS 20.0.2. No known exploits are currently reported in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict network access to the WebCam Server Login interface to trusted users only and monitor for suspicious HTTP requests attempting to exploit this vulnerability. Avoid exposing the affected service directly to untrusted networks.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GV
- Date Reserved
- 2026-04-28T23:12:55.269Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69f7f4d3cbff5d86108d835a
Added to database: 5/4/2026, 1:22:27 AM
Last enriched: 5/18/2026, 9:21:42 AM
Last updated: 6/17/2026, 5:11:45 PM
Views: 89
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.