CVE-2026-12488 - Vulnerability Details - OpenCVE

A memory corruption vulnerability exists in the GV-Cloud functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted network request can lead to a denial of service. An attacker can impersonate the legitimate server to trigger this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Geovision Inc.	Geovision

No data.

No data.

References

Link	Providers
https://talosintelligence.com/vulnerability_reports/TALOS-2026-2411
https://www.geovision.com.tw/cyber_security.php

History

Wed, 24 Jun 2026 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 24 Jun 2026 05:00:00 +0000

Type	Values Removed	Values Added
Description		A memory corruption vulnerability exists in the GV-Cloud functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted network request can lead to a denial of service. An attacker can impersonate the legitimate server to trigger this vulnerability.
Title		GeoVision GV-VMS V20 GV-Cloud memory corruption vulnerability
First Time appeared		Geovision Inc. Geovision Inc. geovision
Weaknesses		CWE-121
CPEs		cpe:2.3:a:geovision_inc.:geovision:v20.0.2::windows::::: cpe:2.3:a:geovision_inc.:geovision:v20.1.0.0::windows:::::
Vendors & Products		Geovision Inc. Geovision Inc. geovision
References		https://talosintelligence.com/vulnerability_reports/TALOS-2026-2411 https://www.geovision.com.tw/cyber_security.php
Metrics		cvssV3_1 `{'score': 6.2, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:H'}`

MITRE

Status: PUBLISHED

Assigner: GV

Published: 2026-06-24T03:34:20.794Z

Updated: 2026-06-24T12:55:14.968Z

Reserved: 2026-06-17T03:39:27.939Z

Link: CVE-2026-12488

Vulnrichment

Updated: 2026-06-24T05:23:56.794Z

NVD

No data.

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-12488", "assignerOrgId": "0df08a0e-a200-4957-9bb0-084f562506f9", "state": "PUBLISHED", "assignerShortName": "GV", "dateReserved": "2026-06-17T03:39:27.939Z", "datePublished": "2026-06-24T03:34:20.794Z", "dateUpdated": "2026-06-24T12:55:14.968Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "0df08a0e-a200-4957-9bb0-084f562506f9", "shortName": "GV", "dateUpdated": "2026-06-24T03:34:20.794Z"}, "title": "GeoVision GV-VMS V20 GV-Cloud memory corruption vulnerability", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-121", "description": "CWE-121 Stack-based buffer overflow", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "affected": [{"vendor": "GeoVision Inc.", "product": "GeoVision", "platforms": ["Windows"], "versions": [{"status": "affected", "version": "V20.0.2"}, {"status": "unaffected", "version": "V20.1.0.0"}], "defaultStatus": "unaffected"}], "cpeApplicability": [{"operator": "OR", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:geovision_inc.:geovision:v20.0.2:*:windows:*:*:*:*:*"}, {"vulnerable": false, "criteria": "cpe:2.3:a:geovision_inc.:geovision:v20.1.0.0:*:windows:*:*:*:*:*"}]}]}], "descriptions": [{"lang": "en", "value": "A memory corruption vulnerability exists in the GV-Cloud functionality of GeoVision GV-VMS V20 20.0.2.\u00a0\n\n\nA specially crafted network request can lead to a denial of service. An attacker can impersonate the legitimate server to trigger this vulnerability.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "A memory corruption vulnerability exists in the GV-Cloud functionality of GeoVision GV-VMS V20 20.0.2. <div><br></div><div>A specially crafted network request can lead to a denial of service. An attacker can impersonate the legitimate server to trigger this vulnerability.</div>"}]}], "references": [{"url": "https://www.geovision.com.tw/cyber_security.php", "tags": ["vendor-advisory"]}, {"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2411", "tags": ["third-party-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 6.2, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:H"}}], "solutions": [{"lang": "en", "value": "GeoVision GV-VMS version V20.1.0 has patched the reported vulnerability.\u00a0\n\n\nUser is recommended to download the update from GeoVision's offical website\u00a0(https://www.geovision.com.tw/download/product/GV-VMS%20V20)\n\nor contact GeoVision Support team at support@geovision.com.tw", "supportingMedia": [{"type": "text/html", "base64": false, "value": "GeoVision GV-VMS version V20.1.0 has patched the reported vulnerability. <div><br></div><div>User is recommended to download the update from GeoVision's offical website (https://www.geovision.com.tw/download/product/GV-VMS%20V20)</div><div>or contact GeoVision Support team at support@geovision.com.tw </div>"}]}], "timeline": [{"time": "2026-04-21T03:49:00.000Z", "lang": "en", "value": "Initial Vendor Contact"}], "credits": [{"lang": "en", "value": "Philippe Laulheret of Cisco Talos.", "type": "finder"}, {"lang": "en", "value": "Kelly Patterson of Cisco Talos.", "type": "remediation reviewer"}, {"lang": "en", "value": "Robert Sherwin of Cisco Talos.", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2411"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-06-24T05:23:56.794Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-24T12:55:06.184694Z", "id": "CVE-2026-12488", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-24T12:55:14.968Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2411"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-06-24T05:23:56.794Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-12488", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-24T12:55:06.184694Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-24T12:55:10.805Z"}}], "cna": {"title": "GeoVision GV-VMS V20 GV-Cloud memory corruption vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Philippe Laulheret of Cisco Talos."}, {"lang": "en", "type": "remediation reviewer", "value": "Kelly Patterson of Cisco Talos."}, {"lang": "en", "type": "coordinator", "value": "Robert Sherwin of Cisco Talos."}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "GeoVision Inc.", "product": "GeoVision", "versions": [{"status": "affected", "version": "V20.0.2"}, {"status": "unaffected", "version": "V20.1.0.0"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-04-21T03:49:00.000Z", "value": "Initial Vendor Contact"}], "solutions": [{"lang": "en", "value": "GeoVision GV-VMS version V20.1.0 has patched the reported vulnerability.\u00a0\n\n\nUser is recommended to download the update from GeoVision's offical website\u00a0(https://www.geovision.com.tw/download/product/GV-VMS%20V20)\n\nor contact GeoVision Support team at support@geovision.com.tw", "supportingMedia": [{"type": "text/html", "value": "GeoVision GV-VMS version V20.1.0 has patched the reported vulnerability. <div><br></div><div>User is recommended to download the update from GeoVision's offical website (https://www.geovision.com.tw/download/product/GV-VMS%20V20)</div><div>or contact GeoVision Support team at support@geovision.com.tw </div>", "base64": false}]}], "references": [{"url": "https://www.geovision.com.tw/cyber_security.php", "tags": ["vendor-advisory"]}, {"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2026-2411", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.2"}, "descriptions": [{"lang": "en", "value": "A memory corruption vulnerability exists in the GV-Cloud functionality of GeoVision GV-VMS V20 20.0.2.\u00a0\n\n\nA specially crafted network request can lead to a denial of service. An attacker can impersonate the legitimate server to trigger this vulnerability.", "supportingMedia": [{"type": "text/html", "value": "A memory corruption vulnerability exists in the GV-Cloud functionality of GeoVision GV-VMS V20 20.0.2. <div><br></div><div>A specially crafted network request can lead to a denial of service. An attacker can impersonate the legitimate server to trigger this vulnerability.</div>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121 Stack-based buffer overflow"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:geovision_inc.:geovision:v20.0.2:*:windows:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:geovision_inc.:geovision:v20.1.0.0:*:windows:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "0df08a0e-a200-4957-9bb0-084f562506f9", "shortName": "GV", "dateUpdated": "2026-06-24T03:34:20.794Z"}}}, "cveMetadata": {"cveId": "CVE-2026-12488", "state": "PUBLISHED", "dateUpdated": "2026-06-24T12:55:14.968Z", "dateReserved": "2026-06-17T03:39:27.939Z", "assignerOrgId": "0df08a0e-a200-4957-9bb0-084f562506f9", "datePublished": "2026-06-24T03:34:20.794Z", "assignerShortName": "GV"}, "dataVersion": "5.2"}