What is the CVSS score of CVE-2026-42364?

CVE-2026-42364 has a CVSS 3.1 base score of 9.9 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 0.2%.

Which versions of GeoVision LPC2011/LPC2211 are affected by CVE-2026-42364?

GeoVision LPC2011/LPC2211 devices running version 1.10 contain a critical OS command injection vulnerability in DDNS configuration that permits authenticated users to execute arbitrary system…

GeoVision LPC2011/LPC2211 CVE-2026-42364

EUVD-2026-26855 CRITICAL

OS Command Injection (CWE-78)

2026-05-04 GV

Command Injection

9.9

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

May 04, 2026 - 01:46 vuln.today

EUVD ID Assigned

May 04, 2026 - 01:15 euvd

EUVD-2026-26855

Analysis Generated

May 04, 2026 - 01:15 vuln.today

CVE Published

May 04, 2026 - 00:41 nvd

CRITICAL 9.9

DescriptionNVD

An os command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An attacker can modify a configuration value to trigger this vulnerability.

AnalysisAI

OS command injection in GeoVision LPC2011/LPC2211 version 1.10 allows authenticated remote attackers to execute arbitrary commands with system privileges by crafting malicious DDNS configuration values in the DdnsSetting.cgi component. The vulnerability (CVSS 9.9, Critical) requires only low-level authentication and enables full system compromise with scope change, indicating potential lateral movement to other network segments. …

RemediationAI

Within 24 hours: Inventory all GeoVision LPC2011/LPC2211 devices and document current firmware versions; restrict network access to DDNS configuration interfaces (DdnsSetting.cgi) via firewall or network segmentation. Within 7 days: Contact GeoVision support for patch availability timeline and interim guidance; implement principle of least privilege to limit users with DDNS configuration rights. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-42364 vulnerability details – vuln.today

Back

GeoVision LPC2011/LPC2211 CVE-2026-42364

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code