CVE-2026-57874
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk24th percentile — higher than 24% of all known CVEs
Summary
A buffer overflow vulnerability exists in IEEE8021x_upload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier due to insufficient bounds checking when parsing filename values in multipart upload data. An unauthenticated remote attacker may exploit this by sending a crafted upload request with overly long input, causing memory corruption and denial of service.
Risk Assessment
The risk is that an unauthenticated remote attacker can cause a denial of service, potentially disrupting video surveillance systems and other services relying on these cameras.
Recommendation
Immediately update the firmware to a version newer than V1.12 if available. If not possible, restrict access to the device management interface to trusted networks only.
Original NVD description (English source)
An unauthenticated buffer overflow vulnerability exists in IEEE8021x_upload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when parsing filename values in multipart upload data. A remote attacker may exploit this vulnerability by sending a crafted upload request with overly long input, causing memory corruption and resulting in a denial of service.

