GeoVision GV-LPC CVE-2026-57880

EUVD: EUVD-2026-39636 · CRITICAL
Stack-based Buffer Overflow (CWE-121)
2026-06-26 · GV · GHSA-pf4w-4444-q95v
9.8 (CVSS 3.1) · Vendor: GV

Severity by source

Vendor (GV) PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
9.8 CRITICAL

Unauthenticated remote RTSP request triggers the overflow (AV:N/AC:L/PR:N/UI:N); memory corruption enabling code execution yields full C:H/I:H/A:H on an unchanged scope.

CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 4.0: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (GV).

CVSS Vector (Vendor: GV)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

1. Analysis Generated: Jun 26, 2026 08:18 (vuln.today)

Description (CVE.org)

An unauthenticated stack-based buffer overflow vulnerability exists in ssvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when parsing RTSP Digest authentication fields. A remote attacker may exploit this vulnerability by sending a crafted RTSP request containing overly long authentication data, resulting in memory corruption, denial of service, or potentially arbitrary code execution.
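As an added illustration of the missing bounds check the description refers to (this is example code written for this page, not GeoVision's or ssvr's code; the 64-byte buffer size, the field set and the sample requests are assumptions), the following C parser copies RTSP Digest parameters into a fixed-size buffer and refuses any value that would not fit, which is the check a CWE-121 parser lacks:

```c
#include <ctype.h>
#include <string.h>

/* Hypothetical fixed-buffer size; ssvr's real buffer sizes are not published. */
#define DIGEST_FIELD_MAX 64
enum { DIGEST_OK = 0, DIGEST_MISSING = -1, DIGEST_TOO_LONG = -2 };

/* Copy Digest parameter `name` (e.g. username="...") from an RTSP Authorization header
 * into out[out_sz]. The length check before memcpy is the step a CWE-121 parser omits. */
int digest_get_field(const char *hdr, const char *name, char *out, size_t out_sz)
{
    size_t nlen = strlen(name);
    const char *p = hdr, *end;
    /* accept `name=` only at a token boundary so "nonce" is not found inside "cnonce" */
    while ((p = strstr(p, name)) != NULL &&
           !((p == hdr || !isalnum((unsigned char)p[-1])) && p[nlen] == '='))
        p += nlen;
    if (p == NULL) return DIGEST_MISSING;
    int quoted = (p[nlen + 1] == '"');  /* value is either quoted or a bare token */
    p += nlen + 1 + quoted;             /* skip `name=` and the opening quote */
    for (end = p; *end && !strchr(quoted ? "\"\r\n" : ", \r\n", *end); end++) {}
    size_t vlen = (size_t)(end - p);
    if (vlen >= out_sz) return DIGEST_TOO_LONG;   /* reject instead of overflowing */
    memcpy(out, p, vlen);
    out[vlen] = '\0';
    return DIGEST_OK;
}

/* Validate every Digest field a server would copy into fixed stack buffers. */
int digest_check_request(const char *req)
{
    static const char *const fields[] = {"username", "realm", "nonce", "uri", "response"};
    char buf[DIGEST_FIELD_MAX];
    const char *auth = strstr(req, "Authorization: Digest ");
    if (auth == NULL) return DIGEST_MISSING;
    for (size_t i = 0; i < sizeof fields / sizeof fields[0]; i++) {
        int rc = digest_get_field(auth, fields[i], buf, sizeof buf);
        if (rc != DIGEST_OK) return rc;
    }
    return DIGEST_OK;
}

/* Constructed sample requests (not captured traffic); the second has an 80-byte username. */
#define A16 "AAAAAAAAAAAAAAAA"
#define DIGEST_TAIL "\", realm=\"GeoVision\", nonce=\"0123456789abcdef\", " \
    "uri=\"rtsp://camera.example/stream\", response=\"00112233445566778899aabbccddeeff\"\r\n\r\n"
static const char SAMPLE_OK[] = "DESCRIBE rtsp://camera.example/stream RTSP/1.0\r\n"
    "Authorization: Digest username=\"admin" DIGEST_TAIL;
static const char SAMPLE_LONG[] = "DESCRIBE rtsp://camera.example/stream RTSP/1.0\r\n"
    "Authorization: Digest username=\"" A16 A16 A16 A16 A16 DIGEST_TAIL;
```

A request whose fields all fit returns DIGEST_OK; the over-long username is rejected with DIGEST_TOO_LONG before any byte is copied.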

Analysis (AI)

Unauthenticated remote code execution and denial of service in GeoVision GV-LPC2011 and GV-LPC2211 license plate camera devices (firmware V1.12 and earlier) stems from a stack-based buffer overflow in the ssvr streaming component's RTSP Digest authentication parser. A remote attacker reachable on the RTSP service can send overly long authentication field data to corrupt the stack, crashing the device or potentially executing arbitrary code with no credentials or user interaction. …

Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Access: Reach device RTSP port
Delivery: Send crafted RTSP request with oversized Digest field
Exploit: Overflow fixed stack buffer in ssvr
Execution: Overwrite saved return address
Impact: Crash service or execute arbitrary code

Vulnerability Assessment (AI)

Exploitation: Exploitation requires network reachability to the RTSP/ssvr service on a GeoVision GV-LPC2011 or GV-LPC2211 running firmware V1.12 or earlier, and the attacker must send a crafted RTSP request carrying overly long Digest authentication field data; that malformed authentication header is the concrete trigger. …
Risk Assessment: All available severity signals point to high real-world risk: the CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H indicates fully remote, low-complexity, unauthenticated exploitation with high confidentiality, integrity, and availability impact, scored 9.8 Critical. …
Exploit Scenario: An attacker who can reach the camera's RTSP port crafts an RTSP request (e.g., DESCRIBE or OPTIONS) containing a malformed Authorization: Digest header with an excessively long field such as username or response, and sends it without any valid credentials. The oversized value overflows the fixed stack buffer in ssvr, reliably crashing the streaming service (denial of service) and potentially overwriting the return address to execute attacker-supplied code; no public exploit was identified at time of analysis, so RCE reliability is unproven and DoS is the more certain outcome.
Remediation: Upgrade affected GV-LPC2011 and GV-LPC2211 devices to firmware newer than V1.12 as published on the GeoVision security advisory page at https://www.geovision.com.tw/cyber_security.php; no exact fixed version number was provided in the source data, so verify the patched build directly with the vendor before deployment. …

Recommended Action (AI)

Within 24 hours: Identify and inventory all GeoVision GV-LPC2011 and GV-LPC2211 devices running firmware V1.12 or earlier; isolate them from direct internet access using network segmentation, VLANs, or air-gapping. …
