Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Network-reachable web UI, no auth or user interaction, low-complexity cookie brute force; confidentiality high via account takeover, integrity/availability not directly impacted by the bypass itself.
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
8DescriptionNVD
A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted series of HTTP requests can lead to an authentication bypas. An attacker can bruteforce session cookies to trigger this vulnerability.
AnalysisAI
Authentication bypass in GeoVision LPC2011/LPC2211 license plate camera firmware version 1.10 allows remote unauthenticated attackers to brute-force predictable session cookies via the Web Interface and gain access to the device. The flaw stems from insufficient randomness in session token generation (CWE-341), enabling attackers to enumerate valid cookies through a crafted series of HTTP requests. No public exploit identified at time of analysis, and EPSS is low at 0.06%, but CISA SSVC rates technical impact as partial with no current exploitation observed.
Technical ContextAI
GeoVision GV-LPC2011 and GV-LPC2211 are license plate recognition (LPR) cameras commonly deployed in parking, access-control, and traffic-enforcement environments. The vulnerability lives in the embedded Web Interface used for device management. CWE-341 (Predictable from Observable State) indicates that session cookies are generated from observable or insufficiently random inputs, so an attacker who can collect or reason about a few sample cookies can predict or enumerate valid values. Because authentication state is bound entirely to the cookie, predicting a valid value is equivalent to logging in. The Talos vulnerability report TALOS-2025-2332 is the originating research advisory.
RemediationAI
No vendor-released patch identified at time of analysis; monitor the GeoVision security page at https://www.geovision.com.tw/cyber_security.php and the Talos report at https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2332 for a fixed firmware build and apply it as soon as it is published. Until a fix ships, the most effective compensating controls are to remove the Web Interface from any internet-facing network - place the cameras on a dedicated management VLAN reachable only via VPN or jump host - and to restrict TCP access to the HTTP/HTTPS management ports with a firewall ACL allowing only known administrator IPs, accepting the trade-off that remote field technicians will need VPN access. Add WAF or reverse-proxy rate-limiting and IP-based lockout in front of the cookie endpoints to slow brute-force enumeration (trade-off: may interfere with legitimate polling or NVR integrations), and rotate any credentials that may have been exposed through the device.
More in Gv Lpc2011 Lpc2211
View allPrivilege escalation in GeoVision LPC2011/LPC2211 1.10 web interface allows authenticated remote attackers to execute pr
Authenticated OS command injection in the DdnsSetting.cgi handler of GeoVision GV-LPC2011/LPC2211 license plate capture
Reflected cross-site scripting in GeoVision LPC2011/LPC2211 Web Interface enables remote attackers to execute arbitrary
Reflected cross-site scripting in GeoVision LPC2011/LPC2211 1.10 web interface (ssi.cgi) allows remote unauthenticated a
Privilege escalation in GeoVision LPC2011/LPC2211 Web Interface allows authenticated attackers to leak stored credential
Same weakness CWE-341 – Predictable from Observable State
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26856