cbcvebase.

Geovision Inc Gv-Lpc2011 Lpc2211 vulnerabilities

6 known vulnerabilities affecting geovision_inc/gv-lpc2011_lpc2211.

Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2026-42364P2HIGHCVSS 8.8v1.102026-05-04
CVE-2026-42364 [HIGH] CWE-78 CVE-2026-42364: An os command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC20 An os command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An attacker can modify a configuration value to trigger this vulnerability.
nvd
CVE-2026-42368P2CRITICALCVSS 9.9v1.102026-05-04
CVE-2026-42368 [CRITICAL] CWE-266 CVE-2026-42368: A privilege escalation vulnerability exists in the Web Interface functionality of GeoVision LPC2011/ A privilege escalation vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to execute priviledged operation. An attacker can visit a webpage to trigger this vulnerability.
nvd
CVE-2026-42365P3HIGHCVSS 7.5v1.102026-05-04
CVE-2026-42365 [HIGH] CWE-341 CVE-2026-42365: A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2 A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted series of HTTP requests can lead to an authentication bypas. An attacker can bruteforce session cookies to trigger this vulnerability.
nvd
CVE-2026-42367P3MEDIUMCVSS 6.5vV1.102026-05-04
CVE-2026-42367 [MEDIUM] CWE-522 CVE-2026-42367: A privilege escalation vulnerability exists in the Web Interface / ssi.cgi functionality of GeoVisio A privilege escalation vulnerability exists in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to credentials leak. An attacker can visit a webpage to trigger this vulnerability.
nvd
CVE-2026-42366P4MEDIUMCVSS 6.1vV1.102026-05-04
CVE-2026-42366 [MEDIUM] CWE-79 CVE-2026-42366: Multiple reflected cross-site scripting (xss) vulnerabilities exist in the Web Interface / ssi.cgi f Multiple reflected cross-site scripting (xss) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
nvd
CVE-2026-7371P4MEDIUMCVSS 6.1vV1.102026-05-04
CVE-2026-7371 [MEDIUM] CWE-79 CVE-2026-7371: Multiple reflected cross-site scripting (xss) vulnerabilities exist in the Web Interface / ssi.cgi f Multiple reflected cross-site scripting (xss) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. Reflected XXS via the error message for requesting
nvd