CVE Catalog

CVE-2026-57877

HighCVSS 8.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

16th percentile — higher than 16% of all known CVEs

Summary

An unauthenticated format string vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper handling of externally controlled input during log message formatting in the login processing path. A remote attacker may exploit this vulnerability by sending crafted login data, potentially causing information disclosure, memory corruption, or a denial of service.

Risk Assessment

The risk includes potential leakage of sensitive data, system destabilization, or complete unavailability of the device, which may disrupt video surveillance operations.

Recommendation

It is recommended to immediately update the firmware to a version later than V1.12 and restrict access to the login interface to trusted networks only.

Original NVD description (English source)

An unauthenticated format string vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper handling of externally controlled input during log message formatting in the login processing path. A remote attacker may exploit this vulnerability by sending crafted login data, potentially causing information disclosure, memory corruption, or a denial of service.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS