【資安漏洞預警】GeoVision存在安全漏洞(CVE-2018-25118)，請儘速確認並進行修補

【行政公告】

公告單位	圖資處數位服務組
訊息類別	行政公告行政公告	公告對象	全體
公告主題	【資安漏洞預警】GeoVision存在安全漏洞(CVE-2018-25118)，請儘速確認並進行修補 [Security Vulnerability Alert] GeoVision has a security vulnerability (CVE-2018-25118). Please confirm and patch it as soon as possible.
公告內容	轉發國家資安資訊分享與分析中心 NISAC-200-202510-00000262 [內容說明] 研究人員發現GeoVision嵌入式IP設備存在作業系統指令注入(OS Command Injection)漏洞(CVE-2018-25118)，未經身分鑑別之遠端攻擊者可注入任意作業系統指令並於設備上執行。該漏洞已遭駭客利用，請儘速確認並進行修補。 [影響平台] GV-BX1500、GV-MFD1501及其他嵌入式IP設備，韌體釋出日期在2017年12月之前 [建議措施] 請更新韌體至最新版本 [參考資料] 1. https://nvd.nist.gov/vuln/detail/CVE-2018-25118 2. https://www.vulncheck.com/advisories/geovision-command-injection-rce-picture-catch-cgi Forwarded from the National Cybersecurity Information Sharing and Analysis Center (NISAC-200-202510-00000262) [Content Description] Researchers have discovered an OS Command Injection vulnerability (CVE-2018-25118) in GeoVision embedded IP devices. An unauthenticated remote attacker could inject arbitrary operating system commands and execute them on the device. This vulnerability has already been exploited by hackers; please confirm and patch it as soon as possible. [Affected Platforms] GV-BX1500, GV-MFD1501, and other embedded IP devices with firmware release dates prior to December 2017. [Recommended Actions] Please update your firmware to the latest version. [References] 1. https://nvd.nist.gov/vuln/detail/CVE-2018-25118 2. https://www.vulncheck.com/advisories/geovision-command-injection-rce-picture-catch-cgi
相關訊息	參考資料1 參考資料2
公告時間	2025/10/30 至 2026/4/30	點閱次數	122