[Vulnerability Alert] GeoVision has a security vulnerability (CVE-2018-25118), please confirm and patch as soon as possible

• Subject: [Vulnerability Alert] GeoVision has a security vulnerability (CVE-2018-25118), please confirm and patch as soon as possible

• Content:
  • Forwarded from National Information Security Information Sharing and Analysis Center NISAC-200-202510-00000262
  • Researchers have discovered an Operating System Command Injection (OS Command Injection) vulnerability (CVE-2018-25118) in GeoVision embedded IP devices. An unauthenticated remote attacker can inject arbitrary operating system commands and execute them on the device. This vulnerability has already been exploited by hackers, so please confirm and patch it as soon as possible.
• Affected Platforms:
  • GV-BX1500, GV-MFD1501, and other embedded IP devices with firmware released before December 2017
• Recommended Measures:
  • Please update the firmware to the latest version
• References:
  1. https://nvd.nist.gov/vuln/detail/CVE-2018-25118
  2. https://www.vulncheck.com/advisories/geovision-command-injection-rce-picture-catch-cgi

Computer and Communications Center
Network Systems Group