CVE Catalog

CVE-2026-57872

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.97%

57th percentile — higher than 57% of all known CVEs

Summary

An unauthenticated directory traversal vulnerability exists in get_fcont.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient validation of user-supplied file path input before the requested file is accessed by the CGI component. A remote attacker may exploit this vulnerability by sending a crafted request to read arbitrary files accessible to the affected process, resulting in information disclosure.

Risk Assessment

The risk involves unauthorized reading of sensitive system files such as configurations, passwords, or login data, which could enable further attack escalation.

Recommendation

It is recommended to immediately update the firmware to a version later than V1.12, and if not available, restrict access to the CGI interface to trusted networks only or use a firewall to block unauthorized requests.

Original NVD description (English source)

An unauthenticated directory traversal vulnerability exists in get_fcont.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient validation of user-supplied file path input before the requested file is accessed by the CGI component. A remote attacker may exploit this vulnerability by sending a crafted request to read arbitrary files accessible to the affected process, resulting in information disclosure.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS