CVE-2026-42365
published 2026-05-04CVE-2026-42365: A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted series of HTTP…
PriorityP348high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
0.33%
24.6th percentile
A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted series of HTTP requests can lead to an authentication bypas. An attacker can bruteforce session cookies to trigger this vulnerability.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| geovision | gv-lpc2011_firmware | — | — |
| geovision | gv-lpc2211_firmware | — | — |
| geovision_inc | gv-lpc2011_lpc2211 | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
GeoVision GV-LPC2011/LPC2211 up to 1.10 Web Interface predictable state
vuldb·2026-06-15·CVSS 7.5
CVE-2026-42365 [HIGH] GeoVision GV-LPC2011/LPC2211 up to 1.10 Web Interface predictable state
A vulnerability categorized as problematic has been discovered in GeoVision GV-LPC2011 and LPC2211 up to 1.10. The impacted element is an unknown function of the component Web Interface. Executing a manipulation can lead to predictable from observable state.
This vulnerability appears as CVE-2026-42365. The attack may be performed from remote. There is no available exploit.
It is advisable to upgrade the affected component.
GHSA
GHSA-5v66-384x-cw8p: A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1
ghsa_unreviewed·2026-05-04
CVE-2026-42365 [HIGH] CWE-341 GHSA-5v66-384x-cw8p: A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1
A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted series of HTTP requests can lead to an authentication bypas. An attacker can bruteforce session cookies to trigger this vulnerability.
No detection rules found.
No public exploits indexed.
2026-05-04
Published