Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Unauthenticated network request to the default web server with no user interaction (AV:N/AC:L/PR:N/UI:N); potential code execution justifies high C/I/A despite assured impact being DoS.
Primary rating from Vendor (GV).
CVSS Vector (Vendor: GV)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description (CVE.org)
An unauthenticated stack-based buffer overflow vulnerability exists in thttpd in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing web request parameters in a specific request path. A remote attacker may exploit this vulnerability by sending a crafted HTTP request with overly long input, resulting in memory corruption, denial of service, or potentially arbitrary code execution.
Analysis (AI)
Remote code execution in GeoVision GV-LPC2011 and GV-LPC2211 license-plate-recognition cameras (firmware V1.12 and earlier) stems from a stack-based buffer overflow in the embedded thttpd web server, where overly long parameters in a specific request path overrun a fixed-size stack buffer. An unauthenticated remote attacker (per CVSS PR:N) can send a single crafted HTTP request to corrupt memory and cause denial of service or potentially execute arbitrary code on the device. …
Vulnerability Assessment (AI)
| Aspect | Assessment |
| --- | --- |
| Exploitation | Exploitation requires network reachability to the device's thttpd web server (the HTTP management interface) and the attacker must target the specific request path whose parameter handling lacks bounds checking; the malicious input is an overly long parameter value in that request. … |
| Risk Assessment | Multiple signals converge toward high priority but with notable data gaps. … |
| Exploit Scenario | An attacker scans for internet-exposed GeoVision GV-LPC cameras and sends a single crafted HTTP request containing an overly long parameter on the vulnerable request path to the thttpd server. The oversized input overflows a stack buffer, crashing the daemon (denial of service) and, on devices lacking stack protections, potentially redirecting execution to attacker-supplied code for full device compromise. … |
| Remediation | No specific fixed firmware version was provided in the input, so no vendor-released patch version can be cited; consult GeoVision's security page at https://www.geovision.com.tw/cyber_security.php for the patched firmware build superseding V1.12 and upgrade affected GV-LPC2011/GV-LPC2211 units to it as the primary fix. … |
Recommended Action (AI)
Within 24 hours: Conduct inventory of all GeoVision GV-LPC2011 and GV-LPC2211 cameras running firmware V1.12 and earlier; identify network topology and assess external accessibility. …
EUVD-2026-39634
GHSA-6h6x-9v89-8vrr