漏洞概述 GeoVision GeoWebPlayer WebSocket Server 的 connectInfo 处理程序存在多个栈缓冲区溢出漏洞。攻击者可以通过构造恶意的 WebSocket 消息触发这些漏洞,导致任意代码执行。 影响范围 受影响版本:GeoWebPlayer (version(s): 1.1.1.0) 产品URL:GeoWebPlayer - http://ovision.com.tw/ CVSSv3 Score:8.3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H CVE编号:CVE-2026-57273, CVE-2026-57274, CVE-2026-57275, CVE-2026-57276, CVE-2026-57277, CVE-2026-57278 修复方案 初始厂商联系:2026-03-25 厂商披露:2026-04-21 厂商补丁发布:2026-04-26 公开披露:2026-07-01 POC代码 CVE-2026-57273 - Buffer Overflow in username field (no key present) CVE-2026-57274 - Buffer Overflow in password field (no key present) CVE-2026-57275 - Buffer Overflow in username field (key present) CVE-2026-57276 - Buffer Overflow in password field (key present) CVE-2026-57277 - Buffer Overflow in key field CVE-2026-57278 - Buffer Overflow in ip field