US CISA Flags GeoVision Device Vulnerabilities as Active Threats in Updated KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has once again tightened its grip on cybersecurity vulnerabilities with the addition of critical flaws in several devices—including two major issues affecting GeoVision hardware—to its Known Exploited Vulnerabilities (KEV) catalog. This catalog highlights security flaws that are actively being exploited in the wild, serving as a crucial resource for both public and private entities trying to defend their infrastructure.

With this update, CISA underscores the persistent risks posed by End-of-Life (EOL) devices, which are often left vulnerable due to discontinued vendor support. Among the entries, two command injection vulnerabilities in GeoVision surveillance equipment are now confirmed as exploited in active campaigns, raising alarm across the cybersecurity community. This move aligns with the Binding Operational Directive (BOD) 22-01, which requires federal agencies to address vulnerabilities deemed as high risk.

Here’s what we know so far and why it matters for anyone managing connected surveillance systems or running critical infrastructure.

Recent Additions to the KEV Catalog

CVE-2024-6047 (CVSS 9.8)

A critical OS command injection vulnerability in GeoVision devices. These devices, which have reached end-of-life status, fail to filter user inputs correctly. This flaw enables unauthenticated remote attackers to inject and execute arbitrary system commands.

CVE-2024-11120 (CVSS 9.8)

Another pre-auth command injection vulnerability impacting several discontinued GeoVision products (e.g., GV-VS12, GV-VS11, GV-DSP_LPR_V3, GVLX 4 V2/V3). First disclosed by the Shadowserver Foundation, the flaw has already been weaponized in the wild. Attackers have used it to build botnets, which are then deployed in distributed denial-of-service (DDoS) or cryptomining operations.
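Both entries above describe the same defect class: a request parameter that reaches an operating-system command without adequate filtering. The following Python example is added here to illustrate that class in general terms; it is not GeoVision code and does not reproduce the actual vulnerable handlers, which the article does not show. The `ping` handler, the hostname allowlist and the sample parameter value are all constructed for the illustration.

```python
import re
import subprocess

# Constructed request value, not taken from any real exploit. Appending a
# second command after ';' is the classic OS command injection shape: when the
# string reaches a shell, the whole line is parsed as shell syntax.
SAMPLE_UNTRUSTED_HOST = "127.0.0.1; id"


def ping_command_vulnerable(host: str) -> str:
    """Vulnerable pattern: concatenate the parameter into a shell command line.

    Returns the string instead of executing it, so the defect is visible
    without running anything. Whatever arrives in `host` becomes shell syntax.
    """
    return "ping -c 1 " + host


# Allowlist for hostnames and dotted IPv4 literals (RFC 1123 characters only).
# Shell metacharacters such as ';', '|', '&', '$', '`', quotes and whitespace
# cannot match, and a leading '-' is rejected so the value cannot become a
# ping option either.
_HOST_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$")


def validate_host(host: str) -> str:
    """Reject anything that is not a plain hostname or IPv4 address."""
    if not _HOST_RE.fullmatch(host):
        raise ValueError(f"rejected host parameter: {host!r}")
    return host


def ping_argv_hardened(host: str) -> list[str]:
    """Hardened pattern: validate against an allowlist and build an argv list.

    The parameter is exactly one argv element and is never interpreted by a
    shell, so even a value that slipped past validation could not add commands.
    """
    return ["ping", "-c", "1", validate_host(host)]


def run_ping(host: str, timeout: float = 5.0) -> int:
    """Execute the hardened command with shell=False and return the exit status."""
    result = subprocess.run(
        ping_argv_hardened(host),
        shell=False,
        capture_output=True,
        timeout=timeout,
        check=False,
    )
    return result.returncode


if __name__ == "__main__":
    print("vulnerable command line:", ping_command_vulnerable(SAMPLE_UNTRUSTED_HOST))
    try:
        ping_argv_hardened(SAMPLE_UNTRUSTED_HOST)
    except ValueError as exc:
        print("hardened handler:", exc)
    print("hardened argv:", ping_argv_hardened("camera-1.local"))
```

The point for defenders reviewing embedded web interfaces is that the fix is two separate controls: a strict allowlist on the input, and execution through an argument vector rather than a shell string. Filtering alone is the pattern that keeps failing on devices like these.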

Scale of Exposure

Approximately 17,000 internet-exposed GeoVision devices are still vulnerable. Of those, nearly 9,000 are in the U.S., with others scattered across Germany, Taiwan, and Canada.

Other Newly Cataloged Vulnerabilities

CISA also added flaws in Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server, reflecting an intensified focus on enterprise-grade platforms commonly used in corporate networks.

Federal Compliance Deadline

CISA requires all U.S. federal civilian executive branch (FCEB) agencies to remediate these vulnerabilities by May 28, 2025.

Security Advisory Confirmation

Taiwan’s TWCERT confirmed that these vulnerabilities have not only been disclosed but are also actively being exploited. Multiple independent reports support this finding.

Private Sector Alert

While BOD 22-01 is directed at federal agencies, private organizations are strongly urged to review the KEV catalog and apply patches or mitigations accordingly.

What Undercode Says:

The inclusion of CVE-2024-6047 and CVE-2024-11120 in CISA’s KEV catalog serves as a sharp reminder of the growing threat posed by aging, unsupported IoT and surveillance systems. Here’s a deeper look at the implications and cybersecurity posture needed to respond effectively.

1. EOL Hardware as a National Weak Point

End-of-life products are frequently overlooked in asset management strategies. Without vendor patches, these devices become persistent vulnerabilities—effectively low-hanging fruit for cybercriminals. GeoVision is just one example; similar issues are widespread across industries still relying on outdated technologies.

2. Unauthenticated Exploitation Makes These Flaws Especially Dangerous

No need for login credentials? That’s a red flag. The fact that attackers can execute commands without authentication drastically lowers the bar for exploitation. Threat actors can scan the internet for vulnerable devices and deploy exploits at scale within minutes.

3. The Botnet Risk Is Growing

Botnets built on compromised IoT hardware like GeoVision are versatile. Whether used for DDoS attacks, spam campaigns, or cryptomining, the attack surface grows with each unpatched device. In this case, compromised GeoVision devices are already part of a wider botnet structure.
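The botnet and cryptomining behaviour described above is visible from the network side even when the device itself cannot be patched or instrumented, which is also what the later recommendation to monitor outbound traffic relies on. The following Python example is added here as an illustration and is not part of the article or any vendor tooling. The flow records, the expected-egress allowlist, the port list and the fan-out threshold are all constructed assumptions for a small camera VLAN; the mining-port list is a heuristic, not a signature.

```python
from collections import defaultdict

# Constructed connection summaries (src, dst, dport, proto); not real traffic.
FLOWS = [
    ("10.1.1.10", "10.1.1.1", 554, "tcp"),      # RTSP stream to the NVR: expected
    ("10.1.1.10", "10.1.1.2", 123, "udp"),      # NTP to the local time server: expected
    ("10.1.1.11", "10.1.1.1", 554, "tcp"),      # expected
    ("10.1.1.11", "203.0.113.5", 3333, "tcp"),  # repeated external connection
    ("10.1.1.11", "203.0.113.5", 3333, "tcp"),
    ("10.1.1.11", "203.0.113.5", 3333, "tcp"),
]
# A third camera fanning out to many distinct external hosts on one port,
# the shape a DDoS or scanning bot produces (constructed).
FLOWS += [("10.1.1.12", f"198.51.100.{i}", 80, "tcp") for i in range(1, 81)]

# What a camera on this VLAN is expected to talk to: (dst, dport, proto).
# A camera has no business initiating anything else, so the rest is reviewed.
EXPECTED_EGRESS = {("10.1.1.1", 554, "tcp"), ("10.1.1.2", 123, "udp")}

# Ports commonly used by Stratum mining-pool endpoints. Heuristic only:
# confirm with payload inspection or the destination's DNS name before acting.
MINING_PORTS = {3333, 4444, 5555, 14444}

# Distinct external hosts one device may contact before it is called fan-out.
FANOUT_THRESHOLD = 50


def analyze(flows, expected=EXPECTED_EGRESS, mining_ports=MINING_PORTS,
            fanout_threshold=FANOUT_THRESHOLD):
    """Return {src: [reasons]} for every device with unexpected egress."""
    unexpected = defaultdict(list)   # src -> list of (dst, dport, proto)
    distinct_dst = defaultdict(set)  # src -> set of unexpected destinations
    for src, dst, dport, proto in flows:
        if (dst, dport, proto) in expected:
            continue
        unexpected[src].append((dst, dport, proto))
        distinct_dst[src].add(dst)

    findings = {}
    for src, conns in unexpected.items():
        reasons = []
        ports = {dport for _, dport, _ in conns}
        hit = sorted(ports & mining_ports)
        if hit:
            reasons.append(f"mining-port egress to {hit}")
        if len(distinct_dst[src]) >= fanout_threshold:
            reasons.append(f"fan-out to {len(distinct_dst[src])} distinct hosts")
        reasons.append(f"{len(conns)} unexpected egress connection(s)")
        findings[src] = reasons
    return findings


if __name__ == "__main__":
    for src, reasons in analyze(FLOWS).items():
        print(src, "->", "; ".join(reasons))
```

In practice the allowlist comes from the NVR, NTP and DNS configuration of the camera segment, and the flow records from NetFlow, a firewall log or a span port. The useful property is that an end-of-life camera does not need to be touched at all: any egress outside its small expected set is the alert.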

4. Geographic Concentration Reveals Bigger Risks

The majority of exposed GeoVision devices are in the U.S. That suggests a strong possibility of these flaws being exploited in politically or economically motivated campaigns. It also puts critical infrastructure in danger, especially if these systems are integrated with public safety networks or building management systems.

5. Federal Deadline = Private Sector Wake-Up Call

CISA’s May 28 deadline should serve as a wake-up call not just for federal agencies but also for any business operating these systems. Security doesn’t stop at the federal boundary. If attackers are already exploiting these flaws, private networks are just as vulnerable.

6. Supply Chain Transparency Is Still Lacking

The fact that these devices remained internet-facing and unpatched even after exploitation began suggests inadequate supply chain visibility and patch management processes. Organizations must demand longer support cycles and transparency from vendors.

7. CVSS 9.8 = Alarm Bells

Any CVSS score above 9.0 should be treated as an emergency. These vulnerabilities sit at 9.8—just a shade below maximum severity—indicating that they can be exploited remotely, with low complexity and without authentication, and that the impact of a successful attack is high.

8. Recommendations for Action

Identify all GeoVision EOL products in your network.

If they cannot be patched, remove them from the internet immediately.

Replace vulnerable hardware with vendor-supported alternatives.

Monitor outbound traffic for signs of botnet or cryptomining activity.

Use CISA’s KEV catalog as a checklist for auditing critical assets.
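The first, third and last of these steps can be driven from the KEV catalog itself: CISA publishes it as a JSON feed, so the vendor names in the feed can be matched against an asset inventory and each hit turned into a prioritised action. The Python example below is added to show that workflow; it is not CISA tooling and does not fetch the live feed. The field names (cveID, vendorProject, product, vulnerabilityName, dueDate, requiredAction) follow the published KEV JSON schema, but the two records are constructed from this article, and the inventory, the priority rules and the hostnames are assumptions.

```python
import json
from datetime import date

# Constructed subset of the KEV feed. Field names follow the KEV JSON schema;
# record contents are filled in from the article, not copied from the feed.
KEV_SAMPLE_JSON = json.dumps({
    "vulnerabilities": [
        {
            "cveID": "CVE-2024-6047",
            "vendorProject": "GeoVision",
            "product": "EOL devices",
            "vulnerabilityName": "GeoVision devices OS command injection",
            "dueDate": "2025-05-28",
            "requiredAction": "Apply mitigations per vendor instructions or "
                              "discontinue use of the product if mitigations "
                              "are unavailable.",
        },
        {
            "cveID": "CVE-2024-11120",
            "vendorProject": "GeoVision",
            "product": "EOL devices",
            "vulnerabilityName": "GeoVision devices pre-auth command injection",
            "dueDate": "2025-05-28",
            "requiredAction": "Apply mitigations per vendor instructions or "
                              "discontinue use of the product if mitigations "
                              "are unavailable.",
        },
    ]
})

# Constructed asset inventory for the walk-through (hostnames are invented).
INVENTORY = [
    {"host": "cam-lobby-01", "vendor": "GeoVision", "product": "GV-VS12",
     "internet_exposed": True, "vendor_supported": False},
    {"host": "cam-dock-07", "vendor": "GeoVision", "product": "GV-DSP_LPR_V3",
     "internet_exposed": False, "vendor_supported": False},
    {"host": "nvr-core-01", "vendor": "ExampleVendor", "product": "NVR-X",
     "internet_exposed": False, "vendor_supported": True},
]


def load_kev(text: str) -> list[dict]:
    """Parse the KEV JSON document and return its vulnerability records."""
    return json.loads(text)["vulnerabilities"]


def kev_by_vendor(entries: list[dict]) -> dict[str, list[dict]]:
    """Index KEV records by lower-cased vendorProject for inventory matching."""
    index: dict[str, list[dict]] = {}
    for entry in entries:
        index.setdefault(entry["vendorProject"].lower(), []).append(entry)
    return index


def recommend(asset: dict, entries: list[dict], today: date) -> dict:
    """Turn one affected asset into a finding with a priority and an action."""
    cves = sorted(e["cveID"] for e in entries)
    due = min(date.fromisoformat(e["dueDate"]) for e in entries)
    if asset["internet_exposed"] and not asset["vendor_supported"]:
        priority, action = 1, "remove from the internet now; replace with supported hardware"
    elif not asset["vendor_supported"]:
        priority, action = 2, "keep off the internet; segment and schedule replacement"
    else:
        priority, action = 3, "apply the vendor patch before the due date"
    return {"host": asset["host"], "cves": cves, "due": due.isoformat(),
            "overdue": today > due, "priority": priority, "action": action}


def audit(inventory: list[dict], kev_text: str, today: date) -> list[dict]:
    """Match inventory vendors against KEV and return findings, most urgent first."""
    index = kev_by_vendor(load_kev(kev_text))
    findings = [recommend(asset, index[asset["vendor"].lower()], today)
                for asset in inventory if asset["vendor"].lower() in index]
    return sorted(findings, key=lambda f: (f["priority"], f["host"]))


if __name__ == "__main__":
    for finding in audit(INVENTORY, KEV_SAMPLE_JSON, date.today()):
        print(finding)
```

Matching on vendor rather than on exact product strings is deliberate: inventories rarely record model names the way the feed does, and for end-of-life hardware every model from the vendor deserves a look. The due date and the "discontinue use" wording in `requiredAction` are what make the catalog usable as a checklist rather than just a list.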

9. Broader Implications for Surveillance Technology

Surveillance tech is often deployed and forgotten. But every camera, sensor, and DVR is a potential threat vector. This case proves why cybersecurity must be a part of physical security architecture planning.

10. The Future of IoT Security Needs Regulation

Without enforced regulations on support lifecycles and patch timelines for IoT vendors, these incidents will continue to proliferate. GeoVision’s case isn’t unique—it’s a symptom of a broken model.

Fact Checker Results

CISA has officially listed CVE-2024-11120 and CVE-2024-6047 in its KEV catalog.

Shadowserver Foundation confirmed active exploitation via botnets.

CVSS scores of 9.8 indicate the flaws are critical and urgently require action.

Prediction

As federal agencies rush to comply with CISA’s directive, we expect a significant spike in cybercriminal efforts to exploit these flaws before the May 28 deadline. Expect to see a short-term surge in botnet activity, particularly involving DDoS and cryptomining operations. In the longer term, more vulnerabilities in abandoned or under-maintained surveillance systems will surface, pushing regulators toward stricter IoT compliance requirements and support mandates.


References:

Reported By: securityaffairs.com