Skip to main content

GeoVision LPC2011/LPC2211 CVE-2026-42367

| EUVDEUVD-2026-26858 MEDIUM
Insufficiently Protected Credentials (CWE-522)
2026-05-04 GV
6.5
CVSS 3.1 · Vendor: GV
Share

Severity by source

Vendor (GV) PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from Vendor (GV) · only source for this CVE.

CVSS VectorVendor: GV

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

4
Analysis Generated
May 04, 2026 - 01:48 vuln.today
EUVD ID Assigned
May 04, 2026 - 01:15 euvd
EUVD-2026-26858
Analysis Generated
May 04, 2026 - 01:15 vuln.today
CVE Published
May 04, 2026 - 00:43 nvd
MEDIUM 6.5

DescriptionCVE.org

A privilege escalation vulnerability exists in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to credentials leak. An attacker can visit a webpage to trigger this vulnerability.

AnalysisAI

Privilege escalation in GeoVision LPC2011/LPC2211 Web Interface allows authenticated attackers to leak stored credentials via specially crafted HTTP requests to the ssi.cgi endpoint. The vulnerability affects firmware version 1.10 and requires low-privilege user access but no additional user interaction, enabling unauthenticated credential disclosure on affected devices.

Technical ContextAI

The GeoVision LPC2011 and LPC2211 are networked IP camera line products that expose a web-based management interface. The ssi.cgi script handles server-side includes or session management functionality within this interface. The vulnerability stems from improper credential storage and insufficient access controls (CWE-522: Credentials Storage on Code Repository, indicating hardcoded or inadequately protected secrets in the application logic). An authenticated user can craft HTTP requests to ssi.cgi that bypass intended authorization checks and retrieve plaintext or weakly protected credentials stored by the application, potentially including administrative account details, API keys, or stored authentication tokens.

RemediationAI

Vendor-released patch: Upgrade to GeoVision LPC2011/LPC2211 firmware version greater than 1.10 per GeoVision advisory at https://www.geovision.com.tw/cyber_security.php. If immediate patching is not feasible, restrict network access to the Web Interface by implementing IP-based access controls (firewall rules, VPN-only access) to limit exposure to authenticated attackers. Disable or restrict the ssi.cgi endpoint if it is not essential to operational requirements - check GeoVision documentation for feature dependencies. Change default credentials and revoke any low-privilege accounts not actively used, reducing the pool of attackers with the PR:L access required to trigger the vulnerability. Monitor web server logs for unusual HTTP requests to ssi.cgi patterns (e.g., repeated parameter variations) that may indicate exploitation attempts.

Share

CVE-2026-42367 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy