Ghostwire

CVE-2026-42370: A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A...

CRITICAL CVSS 9.0 Exploit Available

Published: May 4, 2026 | Last Modified: May 4, 2026

Description

A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to an arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

Ghostwire Analysis — What This Means Practically

Critical CVSS score indicates maximum severity — remote code execution, authentication bypass, or complete system compromise is likely possible.
Exploit code is reported to be available, increasing the likelihood of active exploitation.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

References

talosintelligence.com/vulnerability_reports/
www.geovision.com.tw/cyber_security.php
www.tenable.com/cve/CVE-2026-42370
www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2026-42370
nvd.nist.gov/vuln/detail/CVE-2026-42370