Logo
Retour à la veille

CVE-2026-12850

Publié : 24 juin 2026
Modifié : 24 juin 2026
Lien officiel NVD
Score CVSS
9.1
CRITICAL

Description détaillée

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. `libNetSetObj.so` is an internal library used by various binaries on the device to configure the network stack (start and stop various services, configure IP, Netmask, gateway, dns, etc.) #### CNetSetObj::m_F_n_Set_Gate_way command injection The following function takes a string as a gatewy address, performs no sanitization on it and calls `system`. This is a classic command injection vulnerability. The function is reachable from both the network-exposed `DVRSearch` service and the `Network.cgi` endpoint. int __fastcall CNetSetObj::m_F_n_Set_Gate_way(const char **this, char *gw, char *dev) { char s[324]; // [sp+4h] [bp-144h] BYREF if ( !dev && !*this || !gw ) return 0; system("/sbin/route del -net 224.0.0.0 netmask 224.0.0.0"); system("/sbin/route del default "); if ( dev ) sprintf(s, "/sbin/route add default gw %s dev %s", gw, dev); //attacker controlled gw string else sprintf(s, "/sbin/route add default gw %s dev %s", gw, *this); //attacker controlled gw string system(s); sprintf(s, "/sbin/route add -net 224.0.0.0 netmask 224.0.0.0 gw %s dev %s", gw, *this); //attacker controlled gw string system(s); return 1; }

Vecteur d'attaque (CVSS)

Vecteur brut :CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Références et Patchs

https://talosintelligence.com/vulnerability_reports/TALOS-2026-2379https://www.geovision.com.tw/cyber_security.php

Dernières Vulnérabilités

CVE-2026-56129

Generic IO & Memory Access driver for PCs provided by TOSHIBA CORPORATION and Dynabook Inc. exposes its IOCTL with insufficient access control. A logged-in user with no administrative privilege may access physical memory.

VOIR DÉTAILS

CVE-2026-12937

The Tourfic – AI Powered Travel Booking, Hotel Booking & Car Rental WordPress Plugin plugin for WordPress is vulnerable to generic SQL Injection via the 'post_id' parameter in all versions up to, and including, 2.22.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The AJAX handler is registered for unauthenticated users via wp_ajax_nopriv_tf_room_availability, and the required nonce is emitted on the public single-hotel page template, allowing unauthenticated attackers to freely obtain a valid nonce and reach the vulnerable code path.

VOIR DÉTAILS

CVE-2026-9702

The InPost PL WordPress plugin before 1.9.1 does not verify that the request originates from the legitimate buyer before allowing the WooCommerce order parcel-locker destination to be updated, allowing unauthenticated attackers to silently redirect the shipping destination of any pending or processing order on the site.

VOIR DÉTAILS