QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2018-25118

Back to search

CVE-2018-25118

Published: Oct 20, 2025

Modified: Apr 7, 2026

PUBLISHED

Description

GeoVision embedded IP devices, confirmed on GV-BX1500 and GV-MFD1501, contain a remote command injection vulnerability via /PictureCatch.cgi that enables an attacker to execute arbitrary commands on the device. The vulnerable models have been declared end-of-life (EOL) by the vendor. VulnCheck has observed this vulnerability being exploited in the wild as of 2025-10-19 08:55:13.141502 UTC.

VendorProductVersions

GeoVision Inc.

GV-BX1500

affected
0 - < November/December 2017 firmware

GeoVision Inc.

GV-MFD1501

affected
0 - < November/December 2017 firmware

GeoVision Inc.

GeoVision embedded IP devices

affected
0 - < November/December 2017 firmware

Weaknesses (CWE)

CWE-78

References

https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-249a
third-party-advisory
government-resource
exploit

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now