CVE-2026-12485 PUBLISHED

GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command

Assigner: GV
Reserved: 17.06.2026
Published: 24.06.2026
Updated: 24.06.2026

GV-I/O Box 4E is a smart embedded device with 4 inputs and 4 relay outputs that can be controlled over Ethernet and RS-485.

DVRSearch is a service that runs by default on the IOBox and listens for UDP messages on port 10001. Any user on the network can send messages to this service and interact with it.

Upon receiving a UDP message, the server reads at most 1460 bytes into a local buffer, and a pointer to that buffer is stored in a global variable.

IP field stack overflow

The following code is vulnerable to an attacker-controlled stack overflow:

    v3 = strlen(g_network_config->ip_addr);                 /* length comes from the attacker-set IP string */
    memcpy(&reply_buf[36], g_network_config->ip_addr, v3);  /* v3 is never checked against the size of reply_buf */
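As an added example (not the advisory's code and not the vendor's firmware), a bounds-checked form of the copy above, plus validation of the value before CMD_IP_SET stores it. The size of reply_buf and the 15-byte IPv4 field limit are assumptions; the advisory only gives the offset 36.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed sizes: the advisory gives the field offset (36) but not the
 * size of reply_buf, so REPLY_BUF_SIZE is a constructed value. */
#define REPLY_BUF_SIZE  64
#define IP_FIELD_OFFSET 36
#define IP_FIELD_MAX    15   /* strlen("255.255.255.255") */

/* strlen() that stops at max, so a string without a terminator cannot
 * make the length query itself read out of bounds. */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* Hardened form of the advisory's copy:
 *   v3 = strlen(g_network_config->ip_addr);
 *   memcpy(&reply_buf[36], g_network_config->ip_addr, v3);
 * reply_len is the real capacity of reply_buf. Returns bytes copied,
 * or -1 when the address is too long or would overrun the buffer. */
int copy_ip_field(uint8_t *reply_buf, size_t reply_len, const char *ip_addr)
{
    size_t n = bounded_len(ip_addr, IP_FIELD_MAX + 1);
    if (n > IP_FIELD_MAX)
        return -1;                  /* longer than any valid IPv4 string */
    if (reply_len < IP_FIELD_OFFSET || reply_len - IP_FIELD_OFFSET < n)
        return -1;                  /* field does not fit in reply_buf */
    memcpy(&reply_buf[IP_FIELD_OFFSET], ip_addr, n);
    return (int)n;
}

/* Input validation for the value CMD_IP_SET stores: digits and dots only,
 * 1..IP_FIELD_MAX bytes. Rejecting bad values at the write keeps an
 * oversized string from ever reaching the copy above. */
int ip_field_is_sane(const char *ip_addr)
{
    size_t n = bounded_len(ip_addr, IP_FIELD_MAX + 1);
    if (n == 0 || n > IP_FIELD_MAX)
        return 0;
    for (size_t i = 0; i < n; i++)
        if (!((ip_addr[i] >= '0' && ip_addr[i] <= '9') || ip_addr[i] == '.'))
            return 0;
    return 1;
}
```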

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS Score: 10

Product Status

Vendor GeoVision Inc.
Product GV-I/O Box 4E
Versions (default: unaffected)
  • Version V2.09 is affected
  • Version v2.12 is unaffected

Credits

  • Philippe Laulheret of Cisco Talos (finder)
  • Kelly Patterson of Cisco Talos (remediation reviewer)
  • Robert Sherwin of Cisco Talos (coordinator)

References

Problem Types

  • CWE-121: Stack-based Buffer Overflow

Impacts

  • CAPEC-100 Overflow Buffers