GeoVision embedded IP devices, specifically the GV-BX1500 and GV-MFD1501 models, are susceptible to a remote command injection flaw via the/PictureCatch.cgi endpoint. This vulnerability allows attackers to execute arbitrary commands on the affected devices remotely. Observations indicate that this security issue has been actively exploited in the wild, highlighting the urgent need for device owners to address this vulnerability promptly.
https://securityvulnerability.io/vulner ... 2018-25118