Home

Description

GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service running by default on the IOBox listening for UDP messages on port 10001. Any user on the network can send messages to this service and interact with it. Upon receiving a UDP message, the server reads at most 1460 bytes into a local buffer and a pointer to the buffer is stored in a global variable: #### IP field stack overflow The following code is vulnerable to a stack overflow that is attacker-controlled: v3 = strlen(g_network_config->ip_addr); memcpy(&reply_buf[36], g_network_config->ip_addr, v3);

PUBLISHED Reserved 2026-06-17 | Published 2026-06-24 | Updated 2026-06-24 | Assigner GV




CRITICAL: 10.0CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-121 Stack-based buffer overflow

Product status

Default status
unaffected

V2.09
affected

v2.12
unaffected

Timeline

2026-04-21:Finder Reports Vulnerabilties to Vendor

Credits

Philippe Laulheret of Cisco Talos finder

Kelly Patterson of Cisco Talos remediation reviewer

Robert Sherwin of Cisco Talos coordinator

References

www.geovision.com.tw/cyber_security.php vendor-advisory

talosintelligence.com/vulnerability_reports/TALOS-2026-2377 third-party-advisory

cve.org (CVE-2026-12485)

nvd.nist.gov (CVE-2026-12485)

Download JSON