Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-57268— GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability

CVSS 8.3 · High EPSS 0.29% · P20

Possible ATT&CK Techniques 1AI

T1190 · Exploit Public-Facing Application

Affected Version Matrix 2

VendorProductVersion RangeStatus
GeoVision Inc.GeoWebPlayerV1.1.1.0affected
V1.1.3.0unaffected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-57268

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly. The Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound. ### saveVideo command index-out-of-bound When sending the `saveVideo` command, the `index` field is extracted from the websocket message [1]. Then without checking the range of the index, it is used to trigger a CriticalSection ([2]) and releases it [3]. The release function call ([3]) is executed using a function pointer which will be read out of bounds potentially leading to code execution: v6 = get_entry(a2, "index"); result = json_is_value_int(v6); if ( (_BYTE)result ) { v8 = get_entry(a2, "index"); index = json_value_to_int(&v8->value); // [1] result = CCriticalSection::EnterCritSection(&this->crit_sections[index]); //[2] if ( result ) { if ( this->array_of_IPCams[index] ) { if ( this->array_of_IPCams[index]->field_20 ) do_PostMessageA((CViewer *)this->array_of_IPCams[index], 0x111u, 0x139Fu, v11); } return (*(int (__thiscall **)(CCriticalSection *))(this->crit_sections[index].vtbl + 20))(&this->crit_sections[index]); //[3] } }
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
对数组索引的验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
GeoVision GeoWebPlayer 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
GeoVision GeoWebPlayer是中国GeoVision公司的一款媒体设备的语音视频功能模块。 GeoVision GeoWebPlayer V1.1.1.0版本存在输入验证错误漏洞,该漏洞源于未检查saveVideo命令中的index值范围,可能导致越界数组访问并潜在导致代码执行。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
GeoVision Inc.GeoWebPlayer V1.1.1.0 -

II. Public POCs for CVE-2026-57268

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-57268

登录查看更多情报信息。

Vendor Advisories for CVE-2026-57268 (1)

Vendor Pages for CVE-2026-57268 (1)

Same Patch Batch · GeoVision Inc. · 2026-07-02 · 18 CVEs total

CVE-2026-131258.8 HIGHGeoVision GeoWebPlayer 1.1.1.0 Websocket Server function vulnerability
CVE-2026-572698.3 HIGHGeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability
CVE-2026-131318.3 HIGHGeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability
CVE-2026-131328.3 HIGHGeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability
CVE-2026-572708.3 HIGHGeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability
CVE-2026-572768.3 HIGHGeoVision GeoWebPlayer Websocket Server connectInfo handler stack-based buffer overflow vu
CVE-2026-572738.3 HIGHGeoVision GeoWebPlayer Websocket Server connectInfo handler stack-based buffer overflow vu
CVE-2026-572758.3 HIGHGeoVision GeoWebPlayer Websocket Server connectInfo handler stack-based buffer overflow vu
CVE-2026-572788.3 HIGHGeoVision GeoWebPlayer Websocket Server connectInfo handler stack-based buffer overflow vu
CVE-2026-572748.3 HIGHGeoVision GeoWebPlayer Websocket Server connectInfo handler stack-based buffer overflow vu
CVE-2026-572728.3 HIGHGeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability
CVE-2026-572648.3 HIGHGeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability
CVE-2026-572678.3 HIGHGeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability
CVE-2026-572778.3 HIGHGeoVision GeoWebPlayer Websocket Server connectInfo handler stack-based buffer overflow vu
CVE-2026-572668.3 HIGHGeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability
CVE-2026-572658.3 HIGHGeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability
CVE-2026-572718.3 HIGHGeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability

IV. Related Vulnerabilities

V. Comments for CVE-2026-57268

No comments yet


Leave a comment