Security Advisory - Published 2026-06-24 - GeoVision

GeoVision GV-I/O Box 4E: isolate exposed devices and review relay changes

The June 2026 GeoVision GV-I/O Box 4E batch covers critical device-side issues reported by Cisco Talos. Treat internet or guest-network exposure as urgent. The practical work is asset inventory, network isolation, firmware review, and checking whether relay or network settings changed without an approved maintenance window.

Defensive scope: this checklist is for device owners and approved responders. Do not probe third-party physical security devices or send traffic to networks you do not administer.

Affected device batch

CVE             Device         Review             CVSS
CVE-2026-12485  GV-I/O Box 4E  DVRSearch service  10.0
CVE-2026-12846  GV-I/O Box 4E  network settings   10.0
CVE-2026-12847  GV-I/O Box 4E  gateway settings   10.0
CVE-2026-12848  GV-I/O Box 4E  DNS settings       10.0
CVE-2026-12486  GV-I/O Box 4E  network changes    9.1
CVE-2026-12849  GV-I/O Box 4E  netmask changes    9.1
CVE-2026-12850  GV-I/O Box 4E  gateway changes    9.1
CVE-2026-12851  GV-I/O Box 4E  DNS changes        9.1

Owner self-check

  • Inventory every GV-I/O Box 4E from physical labels, DHCP leases, firewall objects, and site documentation.
  • Confirm whether management or device discovery traffic is reachable from the internet, guest Wi-Fi, VPN users, or shared office networks.
  • Check GeoVision firmware guidance for the exact model and schedule a controlled maintenance window.
  • Review relay activation history, input events, network settings, DNS settings, gateway changes, and device reboots.
  • Compare firewall logs against expected management stations and remove broad allow rules.

Safe containment path

  1. Move the device behind a restricted management VLAN or firewall rule before reviewing it.
  2. Block access from the public internet and from user networks that do not need device management.
  3. Preserve firewall, DHCP, and device logs before factory reset or firmware work.
  4. Apply vendor firmware guidance, then rotate device credentials and update documentation.
  5. Recheck relay behavior after the change window so physical controls match the expected state.

Signs that need deeper review

  • Relay activations, input events, device restarts, or network setting changes without a ticket.
  • Firewall logs from unknown source networks, VPN accounts, or shared subnets.
  • DNS, gateway, or IP settings that no longer match the site network plan.
  • Devices reachable from search engines, public IP ranges, or vendor-remote access rules that were not approved.
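
One way to run the firewall-log comparison from the owner self-check and the signs listed above, as an added example that is not part of the original advisory or of any GeoVision or Cisco Talos tooling. The device addresses, management subnet, site ranges, and log line format are constructed assumptions; adapt the parser to the export format of your own firewall.

```python
import ipaddress
import re

# Constructed assumptions: device addresses from the site inventory, the
# approved management subnet, site-internal ranges, and the log line format.
DEVICES = {ipaddress.ip_address(a) for a in ("10.20.30.11", "10.20.30.12")}
MGMT_NETS = [ipaddress.ip_network("10.20.99.0/28")]
SITE_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

SAMPLE_LOG = """\
2026-06-20T02:14:07Z action=ALLOW src=10.20.99.5 dst=10.20.30.11
2026-06-20T02:15:41Z action=ALLOW src=192.168.50.23 dst=10.20.30.11
2026-06-20T02:16:02Z action=DENY src=198.51.100.7 dst=10.20.30.12
2026-06-20T02:17:30Z action=ALLOW src=203.0.113.45 dst=10.20.30.12
2026-06-20T02:18:00Z action=ALLOW src=10.20.99.5 dst=10.20.40.8
malformed line without fields
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) action=(?P<action>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+)$"
)

def review_flows(log_text, devices=DEVICES, mgmt_nets=MGMT_NETS):
    """Return findings for traffic to inventoried devices from unapproved sources."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # skip lines with unparseable addresses
        if dst not in devices or any(src in n for n in mgmt_nets):
            continue  # not a device, or an expected management station
        # An allowed flow points at a broad rule; a denied one is still evidence.
        severity = "review-rule" if m["action"] == "ALLOW" else "blocked-attempt"
        scope = "internal" if any(src in n for n in SITE_NETS) else "external"
        findings.append((m["ts"], str(src), str(dst), severity, scope))
    return findings

if __name__ == "__main__":
    for finding in review_flows(SAMPLE_LOG):
        print(*finding)
```

Run it against logs preserved before any factory reset or firmware work, and match each finding to a maintenance ticket before closing it.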

Repair help

Use Ping7 CVE Repair when an exposed physical security device needs isolation planning, firewall review, log preservation, or a compromise review before it is returned to production.
