Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Unauthenticated remote RTSP request triggers the overflow (AV:N/AC:L/PR:N/UI:N); memory corruption enabling code execution yields full C:H/I:H/A:H on an unchanged scope.
Primary rating from Vendor (GV).
CVSS Vector (Vendor: GV)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description (CVE.org)
An unauthenticated stack-based buffer overflow vulnerability exists in ssvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when parsing RTSP Digest authentication fields. A remote attacker may exploit this vulnerability by sending a crafted RTSP request containing overly long authentication data, resulting in memory corruption, denial of service, or potentially arbitrary code execution.
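A bounded way to extract one Digest parameter, shown as an added example (not GeoVision's code and not part of the original page). The function name, the return codes and the 64-byte `FIELD_MAX` limit are assumptions; the point is that an oversized value is rejected before any copy into a fixed buffer.

```c
#include <stddef.h>
#include <string.h>
#include <strings.h>   /* strncasecmp (POSIX) */

#define FIELD_MAX 64   /* assumed per-field limit, not taken from the firmware */

enum { DIGEST_OK = 0, DIGEST_MISSING = -1, DIGEST_TOO_LONG = -2, DIGEST_MALFORMED = -3 };

/* Copy the value of parameter `name` from a Digest parameter list such as
 *   username="admin", realm="cam", nc=00000001
 * into out[out_sz]. A value that does not fit is rejected, never truncated
 * or copied unchecked. Backslash-escaped quotes are not handled here. */
int digest_get_field(const char *params, const char *name, char *out, size_t out_sz)
{
    size_t nlen = strlen(name);
    const char *p = params;

    if (out_sz == 0) return DIGEST_MALFORMED;
    out[0] = '\0';
    while (*p) {
        while (*p == ' ' || *p == '\t' || *p == ',') p++;   /* separators */
        const char *key = p;
        while (*p && *p != '=' && *p != ',') p++;
        size_t klen = (size_t)(p - key);
        if (*p != '=') continue;                  /* bare token, no value */
        const char *val = ++p;
        if (*p == '"') {                          /* quoted-string value */
            val = ++p;
            while (*p && *p != '"') p++;
            if (*p != '"') return DIGEST_MALFORMED;   /* unterminated quote */
        } else {
            while (*p && *p != ',') p++;          /* unquoted token value */
        }
        size_t vlen = (size_t)(p - val);
        if (*p == '"') p++;                       /* step past closing quote */
        if (klen == nlen && strncasecmp(key, name, nlen) == 0) {
            if (vlen >= out_sz) return DIGEST_TOO_LONG;  /* length check before copy */
            memcpy(out, val, vlen);
            out[vlen] = '\0';
            return DIGEST_OK;
        }
    }
    return DIGEST_MISSING;
}
```

A caller would pass a `char buf[FIELD_MAX]` with `sizeof buf` and treat any non-zero return as grounds to answer the request with an error instead of continuing authentication.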
Analysis (AI)
Unauthenticated remote code execution and denial of service in GeoVision GV-LPC2011 and GV-LPC2211 license plate camera devices (firmware V1.12 and earlier) stems from a stack-based buffer overflow in the ssvr streaming component's RTSP Digest authentication parser. A remote attacker reachable on the RTSP service can send overly long authentication field data to corrupt the stack, crashing the device or potentially executing arbitrary code with no credentials or user interaction. …
Vulnerability Assessment (AI)
| Exploitation | Exploitation requires network reachability to the RTSP/ssvr service on a GeoVision GV-LPC2011 or GV-LPC2211 running firmware V1.12 or earlier, and the attacker must send a crafted RTSP request carrying overly long Digest authentication field data - that malformed authentication header is the concrete trigger. … |
| Risk Assessment | All available severity signals point to high real-world risk: the CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H indicates fully remote, low-complexity, unauthenticated exploitation with high confidentiality, integrity, and availability impact, scored 9.8 Critical. … |
| Exploit Scenario | An attacker who can reach the camera's RTSP port crafts an RTSP request (e.g., DESCRIBE or OPTIONS) containing a malformed Authorization: Digest header with an excessively long field such as username or response, and sends it without any valid credentials. The oversized value overflows the fixed stack buffer in ssvr, reliably crashing the streaming service (denial of service) and potentially overwriting the return address to execute attacker-supplied code; no public exploit was identified at time of analysis, so RCE reliability is unproven and DoS is the more certain outcome. |
| Remediation | Upgrade affected GV-LPC2011 and GV-LPC2211 devices to firmware newer than V1.12 as published on the GeoVision security advisory page at https://www.geovision.com.tw/cyber_security.php; no exact fixed version number was provided in the source data, so verify the patched build directly with the vendor before deployment. … |
Recommended Action (AI)
Within 24 hours: Identify and inventory all GeoVision GV-LPC2011 and GV-LPC2211 devices running firmware V1.12 or earlier; isolate them from direct internet access using network segmentation, VLANs, or air-gapping. …
Weakness: CWE-121 – Stack-based Buffer Overflow
EUVD-2026-39636
GHSA-pf4w-4444-q95v