Remote Command Injection Vulnerability in GeoVision IP Devices
Posted: Tue Oct 21, 2025 6:12 am
GeoVision embedded IP devices, specifically the GV-BX1500 and GV-MFD1501 models, are susceptible to a remote command injection flaw via the/PictureCatch.cgi endpoint. This vulnerability allows attackers to execute arbitrary commands on the affected devices remotely. Observations indicate that this security issue has been actively exploited in the wild, highlighting the urgent need for device owners to address this vulnerability promptly.
https://securityvulnerability.io/vulner ... 2018-25118
https://securityvulnerability.io/vulner ... 2018-25118