Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1794+ Articles
149+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
  1. Home
  2. Security
  3. CVE-2026-12485: GeoVision GV-I/O Box 4E UDP Stack Overflow (IP Address Field)
CVE-2026-12485: GeoVision GV-I/O Box 4E UDP Stack Overflow (IP Address Field)

Critical Security Alert

This vulnerability is actively being exploited. Immediate action is recommended.

SECURITYCRITICALCVE-2026-12485

CVE-2026-12485: GeoVision GV-I/O Box 4E UDP Stack Overflow (IP Address Field)

A critical CVSS 10.0 stack-based buffer overflow in the GeoVision GV-I/O Box 4E DVRSearch service allows unauthenticated remote attackers to achieve...

Dylan H.

Security Team

June 24, 2026
3 min read

Affected Products

  • GeoVision GV-I/O Box 4E v2.09

Overview

A critical stack-based buffer overflow vulnerability (CVE-2026-12485) has been identified in the GeoVision GV-I/O Box 4E embedded IoT device, firmware version 2.09. The flaw carries a CVSS v3.1 score of 10.0 CRITICAL and enables unauthenticated remote attackers to execute arbitrary code by sending a malicious UDP packet to the device's DVRSearch service.

The GV-I/O Box 4E is an industrial IoT device providing 4 digital inputs and 4 relay outputs for remote control over Ethernet and RS-485, commonly deployed in physical security, building automation, and industrial control environments.

Technical Details

The vulnerability resides in the DVRSearch service, which runs by default on UDP port 10001 and accepts messages from any network-accessible host without requiring authentication.

The vulnerable code path reads network configuration data — specifically the device's stored IP address — and copies it into a fixed-size reply buffer without bounds checking:

v3 = strlen(g_network_config->ip_addr);
memcpy(&reply_buf[36], g_network_config->ip_addr, v3);

The function reads up to 1460 bytes into a local buffer from the network, but the destination buffer at offset 36 within the reply is not sized to accommodate that maximum. If the stored IP address field is overlong (e.g., through a prior misconfiguration or a companion injection vulnerability), the memcpy overflows the stack, enabling control-flow hijacking.

PropertyValue
CVECVE-2026-12485
CVSS v3.110.0 CRITICAL
VectorAV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWECWE-121 (Stack-based Buffer Overflow)
Affected VersionGV-I/O Box 4E v2.09
Fixed VersionGV-I/O Box 4E v2.12
ProtocolUDP port 10001

Affected Products

  • Vendor: GeoVision Inc.
  • Product: GV-I/O Box 4E
  • Platform: Linux (embedded)
  • Vulnerable firmware: V2.09
  • Patched firmware: V2.12

Impact

Successful exploitation allows an unauthenticated, network-adjacent or remote attacker to:

  • Execute arbitrary code with the privileges of the DVRSearch process
  • Achieve full device compromise — modify relay states, disable inputs/outputs, or pivot to internal networks
  • Trigger a denial of service by crashing the service

Given the Scope change (S:C) in the CVSS vector, a compromise could impact connected systems beyond the device itself.

Remediation

  1. Update firmware to version V2.12 or later from the GeoVision security advisory page.
  2. Restrict network access to UDP port 10001 — apply firewall rules or ACLs so only trusted management hosts can reach the DVRSearch service.
  3. Segment IoT devices onto dedicated VLANs with no direct internet exposure.
  4. Inventory GV-I/O Box 4E devices in your environment and prioritize patching for any directly internet-accessible units.

References

  • Cisco Talos Advisory TALOS-2026-2377
  • GeoVision Cyber Security Page
  • NVD Entry — CVE-2026-12485
#CVE#GeoVision#IoT#Buffer Overflow#Remote Code Execution#Embedded Device

Related Articles

CVE-2026-12846: GeoVision GV-I/O Box 4E UDP Stack Overflow (Net Mask Field)

A second critical CVSS 10.0 stack-based buffer overflow in GeoVision GV-I/O Box 4E firmware 2.09 — this time in the Net Mask field handling of the...

3 min read

CVE-2026-12486: GeoVision GV-I/O Box 4E OS Command Injection via libNetSetObj.so

Multiple OS command injection vulnerabilities in GeoVision GV-I/O Box 4E firmware 2.09 allow attackers with network access to execute arbitrary system...

3 min read

CVE-2026-52186: Critical SQL Injection RCE in UTT nv518G Router

A critical SQL injection vulnerability (CVSS 9.8) in the UTT nv518G router allows unauthenticated remote attackers to execute arbitrary code via the...

3 min read
Back to all Security Alerts