CVE-2026-42364
published 2026-05-04CVE-2026-42364: An os command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted DDNS configuration can…
PriorityP264high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
1.61%
72.8th percentile
An os command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An attacker can modify a configuration value to trigger this vulnerability.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| geovision | gv-lpc2011_firmware | — | — |
| geovision | gv-lpc2211_firmware | — | — |
| geovision_inc | gv-lpc2011_lpc2211 | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
GeoVision GV-LPC2011/LPC2211 up to 1.10 DDNS DdnsSetting.cgi os command injection
vuldb·2026-06-15·CVSS 8.8
CVE-2026-42364 [HIGH] GeoVision GV-LPC2011/LPC2211 up to 1.10 DDNS DdnsSetting.cgi os command injection
A vulnerability marked as critical has been reported in GeoVision GV-LPC2011 and LPC2211 up to 1.10. Affected is an unknown function of the file DdnsSetting.cgi of the component DDNS Handler. This manipulation causes os command injection.
This vulnerability is handled as CVE-2026-42364. The attack can be initiated remotely. There is not any exploit available.
It is suggested to upgrade the affected component.
GHSA
GHSA-pf5g-mwxr-r59q: An os command injection vulnerability exists in the DdnsSetting
ghsa_unreviewed·2026-05-04
CVE-2026-42364 [CRITICAL] CWE-78 GHSA-pf5g-mwxr-r59q: An os command injection vulnerability exists in the DdnsSetting
An os command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An attacker can modify a configuration value to trigger this vulnerability.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-05-04
Published