Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Primary rating from Vendor (GV) · only source for this CVE.
CVSS VectorVendor: GV
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
A privilege escalation vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to execute priviledged operation. An attacker can visit a webpage to trigger this vulnerability.
AnalysisAI
Privilege escalation in GeoVision LPC2011/LPC2211 1.10 web interface allows authenticated remote attackers to execute privileged operations via crafted HTTP requests. The vulnerability enables scope change (S:C) indicating potential escape from restricted web interface contexts to underlying system privileges. CVSS 9.9 (Critical) with low attack complexity and no user interaction required, making this exploitable by any authenticated user through simple web requests. No public exploit identified at time of analysis.
Technical ContextAI
GeoVision LPC2011 and LPC2211 are license plate capture cameras with embedded web management interfaces. The vulnerability stems from CWE-266 (Incorrect Privilege Assignment), indicating the web interface fails to properly enforce privilege boundaries when processing HTTP requests. This class of flaw typically arises from missing authorization checks on privileged API endpoints, insecure direct object references to administrative functions, or improper session privilege validation. The scope change (S:C) in the CVSS vector indicates the vulnerability allows breaking out of the intended security boundary, suggesting authenticated low-privilege web users can invoke administrative or system-level operations they should not access.
RemediationAI
Apply firmware updates per GeoVision's cyber security advisory at https://www.geovision.com.tw/cyber_security.php. Vendor has acknowledged the vulnerability and firmware version fixing this issue should be obtained directly from GeoVision support channels. Until patching is complete, implement network segmentation to restrict camera web interface access to trusted management VLANs only - block internet access and use VPN for remote administration. Change all default credentials to strong unique passwords immediately, as the PR:L attack vector depends on credential acquisition. Deploy intrusion detection to monitor for suspicious HTTP POST requests to administrative endpoints from low-privilege accounts. Consider disabling the web interface entirely if cameras can be managed through GeoVision's centralized management platform instead. Note that restricting network access does not eliminate risk from insider threats or lateral movement scenarios, but significantly reduces attack surface. Review all user accounts on affected cameras and apply principle of least privilege - remove unnecessary accounts and downgrade privileges where possible.
More in Gv Lpc2011 Lpc2211
View allAuthenticated OS command injection in the DdnsSetting.cgi handler of GeoVision GV-LPC2011/LPC2211 license plate capture
Authentication bypass in GeoVision LPC2011/LPC2211 license plate camera firmware version 1.10 allows remote unauthentica
Reflected cross-site scripting in GeoVision LPC2011/LPC2211 Web Interface enables remote attackers to execute arbitrary
Reflected cross-site scripting in GeoVision LPC2011/LPC2211 1.10 web interface (ssi.cgi) allows remote unauthenticated a
Privilege escalation in GeoVision LPC2011/LPC2211 Web Interface allows authenticated attackers to leak stored credential
Same weakness CWE-266 – Incorrect Privilege Assignment
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26859