Skip to main content

GeoVision LPC2011/LPC2211 CVE-2026-7371

| EUVDEUVD-2026-26863 HIGH
Cross-site Scripting (XSS) (CWE-79)
2026-05-04 GV
7.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.4 HIGH
AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

4
Analysis Generated
May 04, 2026 - 01:46 vuln.today
EUVD ID Assigned
May 04, 2026 - 01:15 euvd
EUVD-2026-26863
Analysis Generated
May 04, 2026 - 01:15 vuln.today
CVE Published
May 04, 2026 - 00:43 nvd
HIGH 7.4

DescriptionCVE.org

Multiple reflected cross-site scripting (xss) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. Reflected XXS via the error message for requesting non-existing page.

AnalysisAI

Reflected cross-site scripting in GeoVision LPC2011/LPC2211 Web Interface enables remote attackers to execute arbitrary JavaScript in victim browsers via crafted URLs targeting the ssi.cgi error handler. The vulnerability chains through social engineering (requires user interaction) but achieves high confidentiality impact through changed scope (S:C), allowing session hijacking and credential theft from authenticated administrators. EPSS data not provided; no CISA KEV listing indicates this is not yet confirmed as actively exploited in the wild. Publicly available exploit code status unknown but detailed technical disclosure exists from Cisco Talos Intelligence.

Technical ContextAI

The vulnerability affects the ssi.cgi component of GeoVision's LPC2011/LPC2211 IP camera firmware version 1.10, specifically in error message handling for non-existing page requests. This is a classic reflected XSS (CWE-79) where user-supplied input in URLs is echoed back in HTTP error responses without proper sanitization or output encoding. The web interface fails to validate or escape parameters before reflecting them in HTML context, allowing injection of <script> tags or event handlers. The CPE string (cpe:2.3:a:geovision_inc.:gv-lpc2011/lpc2211:*:*:*:*:*:*:*:*) identifies this as an application-layer vulnerability in GeoVision's physical security camera platform used for access control and surveillance in corporate and institutional environments. The changed scope (S:C) in the CVSS vector indicates the vulnerable component (web interface) can affect resources beyond its security scope, typically meaning JavaScript execution can access authentication tokens or session data for privileged administrative functions.

RemediationAI

Apply vendor-supplied firmware update from GeoVision's cyber security advisory page (https://www.geovision.com.tw/cyber_security.php) - specific patched firmware version not provided in available data but should be confirmed directly from the advisory. Until patching is complete, implement network-level compensating controls: restrict web interface access to dedicated management VLANs with firewall rules blocking internet-facing access (effectiveness: high, trade-off: requires network segmentation capability); configure reverse proxy with Web Application Firewall rules to sanitize URL parameters and block JavaScript injection patterns in ssi.cgi requests (effectiveness: medium-high, trade-off: adds latency and complexity); deploy security awareness training specifically warning administrators against clicking links to camera management interfaces from untrusted sources like email or messaging apps (effectiveness: low-medium, trade-off: relies on human behavior). For high-security deployments, consider temporary disabling of web-based management in favor of serial console or dedicated management appliances until patch deployment is verified. Note that network isolation is the most reliable mitigation given the changed scope impact - preventing untrusted network access eliminates the AV:N attack vector entirely.

Share

CVE-2026-7371 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy