CVE Catalog

CVE-2026-57876

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.31%

23th percentile — higher than 23% of all known CVEs

Summary

In GeoVision GV-LPC2011 and GV-LPC2211 devices version V1.12 and earlier, an out-of-bounds write vulnerability exists in onvif.cgi. Insufficient bounds checking when processing HTTP request body data allows an unauthenticated remote attacker to cause memory corruption and denial of service (DoS) by sending a crafted request with excessive input.

Risk Assessment

An attacker can remotely crash the device, disrupting the video surveillance system and potentially causing loss of recordings.

Recommendation

Immediately update the firmware of GeoVision GV-LPC2011 and GV-LPC2211 devices to a version newer than V1.12 if a patch is available. Until the update, restrict access to the onvif.cgi interface to trusted networks only.

Original NVD description (English source)

An unauthenticated out-of-bounds write vulnerability exists in onvif.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing HTTP request body data. A remote attacker may exploit this vulnerability by sending a crafted request with excessive input, causing memory corruption and resulting in a denial of service.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS