Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from Vendor (GV) · only source for this CVE.
CVSS VectorVendor: GV
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
A privilege escalation vulnerability exists in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to credentials leak. An attacker can visit a webpage to trigger this vulnerability.
AnalysisAI
Privilege escalation in GeoVision LPC2011/LPC2211 Web Interface allows authenticated attackers to leak stored credentials via specially crafted HTTP requests to the ssi.cgi endpoint. The vulnerability affects firmware version 1.10 and requires low-privilege user access but no additional user interaction, enabling unauthenticated credential disclosure on affected devices.
Technical ContextAI
The GeoVision LPC2011 and LPC2211 are networked IP camera line products that expose a web-based management interface. The ssi.cgi script handles server-side includes or session management functionality within this interface. The vulnerability stems from improper credential storage and insufficient access controls (CWE-522: Credentials Storage on Code Repository, indicating hardcoded or inadequately protected secrets in the application logic). An authenticated user can craft HTTP requests to ssi.cgi that bypass intended authorization checks and retrieve plaintext or weakly protected credentials stored by the application, potentially including administrative account details, API keys, or stored authentication tokens.
RemediationAI
Vendor-released patch: Upgrade to GeoVision LPC2011/LPC2211 firmware version greater than 1.10 per GeoVision advisory at https://www.geovision.com.tw/cyber_security.php. If immediate patching is not feasible, restrict network access to the Web Interface by implementing IP-based access controls (firewall rules, VPN-only access) to limit exposure to authenticated attackers. Disable or restrict the ssi.cgi endpoint if it is not essential to operational requirements - check GeoVision documentation for feature dependencies. Change default credentials and revoke any low-privilege accounts not actively used, reducing the pool of attackers with the PR:L access required to trigger the vulnerability. Monitor web server logs for unusual HTTP requests to ssi.cgi patterns (e.g., repeated parameter variations) that may indicate exploitation attempts.
More in Gv Lpc2011 Lpc2211
View allPrivilege escalation in GeoVision LPC2011/LPC2211 1.10 web interface allows authenticated remote attackers to execute pr
Authenticated OS command injection in the DdnsSetting.cgi handler of GeoVision GV-LPC2011/LPC2211 license plate capture
Authentication bypass in GeoVision LPC2011/LPC2211 license plate camera firmware version 1.10 allows remote unauthentica
Reflected cross-site scripting in GeoVision LPC2011/LPC2211 Web Interface enables remote attackers to execute arbitrary
Reflected cross-site scripting in GeoVision LPC2011/LPC2211 1.10 web interface (ssi.cgi) allows remote unauthenticated a
Same weakness CWE-522 – Insufficiently Protected Credentials
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26858