Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

GV-LPCLPC2011/2211

Source -

CNA

CNA CVEs -

10

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
10Vulnerabilities found

CVE-2026-57881
Assigner-0df08a0e-a200-4957-9bb0-084f562506f9
ShareView Details
Assigner-0df08a0e-a200-4957-9bb0-084f562506f9
CVSS Score-9.8||CRITICAL
EPSS-0.38% / 29.56%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 07:17
Updated-26 Jun, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GV-LPC2011/LPC2211 - unauthorized stack-based buffer overflow vulnerability (vlsvr)

An unauthenticated stack-based buffer overflow vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient length validation when processing remote login data. A remote attacker may exploit this vulnerability by sending crafted login data with overly long input, resulting in memory corruption, denial of service, or potentially arbitrary code execution.

Action-Not Available
Vendor-GeoVision Inc.
Product-GV-LPCLPC2011/2211
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-57880
Assigner-0df08a0e-a200-4957-9bb0-084f562506f9
ShareView Details
Assigner-0df08a0e-a200-4957-9bb0-084f562506f9
CVSS Score-9.8||CRITICAL
EPSS-0.53% / 40.86%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 07:17
Updated-26 Jun, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GV-LPC2011/LPC2211 - unauthorized buffer overflow via RTSP Digest username (ssvr)

An unauthenticated stack-based buffer overflow vulnerability exists in ssvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when parsing RTSP Digest authentication fields. A remote attacker may exploit this vulnerability by sending a crafted RTSP request containing overly long authentication data, resulting in memory corruption, denial of service, or potentially arbitrary code execution.

Action-Not Available
Vendor-GeoVision Inc.
Product-GV-LPCLPC2011/2211
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-57879
Assigner-0df08a0e-a200-4957-9bb0-084f562506f9
ShareView Details
Assigner-0df08a0e-a200-4957-9bb0-084f562506f9
CVSS Score-9.8||CRITICAL
EPSS-0.53% / 40.86%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 07:17
Updated-26 Jun, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GV-LPC2011/LPC2211 - unauthorized buffer overflow via AuthMode/AuthValue path (ssvr)

An unauthenticated stack-based buffer overflow vulnerability exists in ssvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing RTSP custom authentication data. A remote attacker may exploit this vulnerability by sending a crafted RTSP request, resulting in memory corruption, denial of service, or potentially arbitrary code execution.

Action-Not Available
Vendor-GeoVision Inc.
Product-GV-LPCLPC2011/2211
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-57878
Assigner-0df08a0e-a200-4957-9bb0-084f562506f9
ShareView Details
Assigner-0df08a0e-a200-4957-9bb0-084f562506f9
CVSS Score-9.8||CRITICAL
EPSS-0.53% / 40.93%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 07:17
Updated-26 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GV-LPC2011/LPC2211 - unauthorized buffer overflow vulnerability (thttpd)

An unauthenticated stack-based buffer overflow vulnerability exists in thttpd in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing web request parameters in a specific request path. A remote attacker may exploit this vulnerability by sending a crafted HTTP request with overly long input, resulting in memory corruption, denial of service, or potentially arbitrary code execution.

Action-Not Available
Vendor-GeoVision Inc.
Product-GV-LPCLPC2011/2211
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2026-57877
Assigner-0df08a0e-a200-4957-9bb0-084f562506f9
ShareView Details
Assigner-0df08a0e-a200-4957-9bb0-084f562506f9
CVSS Score-8.6||HIGH
EPSS-0.25% / 15.91%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 07:17
Updated-26 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GV-LPC2011/LPC2211 - unauthorized format string vulnerability (vlsvr)

An unauthenticated format string vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper handling of externally controlled input during log message formatting in the login processing path. A remote attacker may exploit this vulnerability by sending crafted login data, potentially causing information disclosure, memory corruption, or a denial of service.

Action-Not Available
Vendor-GeoVision Inc.
Product-GV-LPCLPC2011/2211
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2026-57876
Assigner-0df08a0e-a200-4957-9bb0-084f562506f9
ShareView Details
Assigner-0df08a0e-a200-4957-9bb0-084f562506f9
CVSS Score-7.5||HIGH
EPSS-0.31% / 23.16%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 07:17
Updated-26 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GV-LPC2011/LPC2211 - unauthorized out-of-bounds writing vulnerability (onvif.cgi)

An unauthenticated out-of-bounds write vulnerability exists in onvif.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing HTTP request body data. A remote attacker may exploit this vulnerability by sending a crafted request with excessive input, causing memory corruption and resulting in a denial of service.

Action-Not Available
Vendor-GeoVision Inc.
Product-GV-LPCLPC2011/2211
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-57875
Assigner-0df08a0e-a200-4957-9bb0-084f562506f9
ShareView Details
Assigner-0df08a0e-a200-4957-9bb0-084f562506f9
CVSS Score-7.5||HIGH
EPSS-1.27% / 66.17%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 07:17
Updated-26 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GV-LPC2011/LPC2211 - unauthorized null pointer dereference vulnerability in packet parsing

An unauthenticated NULL pointer dereference vulnerability exists in the HTTP request parsing logic of multiple CGI components in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of required HTTP request metadata before it is used by the affected components. A remote attacker may exploit this vulnerability by sending a specially crafted HTTP request, causing the affected process to crash and resulting in a denial of service.

Action-Not Available
Vendor-GeoVision Inc.
Product-GV-LPCLPC2011/2211
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-57874
Assigner-0df08a0e-a200-4957-9bb0-084f562506f9
ShareView Details
Assigner-0df08a0e-a200-4957-9bb0-084f562506f9
CVSS Score-7.5||HIGH
EPSS-0.32% / 23.66%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 07:17
Updated-26 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GV-LPC2011/LPC2211 - unauthorized buffer overflow vulnerability (IEEE8021x_upload.cgi)

An unauthenticated buffer overflow vulnerability exists in IEEE8021x_upload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when parsing filename values in multipart upload data. A remote attacker may exploit this vulnerability by sending a crafted upload request with overly long input, causing memory corruption and resulting in a denial of service.

Action-Not Available
Vendor-GeoVision Inc.
Product-GV-LPCLPC2011/2211
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2026-57873
Assigner-0df08a0e-a200-4957-9bb0-084f562506f9
ShareView Details
Assigner-0df08a0e-a200-4957-9bb0-084f562506f9
CVSS Score-7.5||HIGH
EPSS-0.21% / 10.80%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 07:17
Updated-26 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GV-LPC2011/LPC2211 - unauthorized null pointer dereference vulnerability (IEEE8021x_upload.cgi)

An unauthenticated NULL pointer dereference vulnerability exists in IEEE8021x_upload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of multipart upload headers when processing certificate-related upload fields. A remote attacker may exploit this vulnerability by sending a malformed multipart request, causing the affected CGI process to crash and resulting in a denial of service.

Action-Not Available
Vendor-GeoVision Inc.
Product-GV-LPCLPC2011/2211
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-57872
Assigner-0df08a0e-a200-4957-9bb0-084f562506f9
ShareView Details
Assigner-0df08a0e-a200-4957-9bb0-084f562506f9
CVSS Score-7.5||HIGH
EPSS-0.97% / 57.54%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 07:17
Updated-26 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GV-LPC2011/LPC2211 - unauthorized directory traversal vulnerability (get_fcont.cgi)

An unauthenticated directory traversal vulnerability exists in get_fcont.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient validation of user-supplied file path input before the requested file is accessed by the CGI component. A remote attacker may exploit this vulnerability by sending a crafted request to read arbitrary files accessible to the affected process, resulting in information disclosure.

Action-Not Available
Vendor-GeoVision Inc.
Product-GV-LPCLPC2011/2211
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')