Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Unauthenticated network attack on the login path (AV:N/AC:L/PR:N/UI:N); reliable crash gives A:H while probabilistic format-string memory read/write yields only partial C:L/I:L.
Primary rating from Vendor (GV).
CVSS Vector (Vendor: GV)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Description (CVE.org)
An unauthenticated format string vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper handling of externally controlled input during log message formatting in the login processing path. A remote attacker may exploit this vulnerability by sending crafted login data, potentially causing information disclosure, memory corruption, or a denial of service.
Analysis (AI)
Unauthenticated format string flaw in the vlsvr service of GeoVision GV-LPC2011 and GV-LPC2211 license plate recognition cameras (firmware V1.12 and earlier) lets remote attackers send crafted login data that the device passes unsanitized into a log-formatting routine. Successful exploitation can leak memory contents, corrupt memory, or crash the service, with the high availability impact (CVSS 8.6) reflecting denial of service as the most reliable outcome. …
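The logging flaw described above, as an added example (not GeoVision's code and not taken from the advisory): the vulnerable call pattern appears only in a comment, and the hardened routine passes the login field as an argument to a constant format string. The function names, log line layout and sample inputs are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern (CWE-134), kept as a comment only: the login field is
 * used as the format string, so any directive inside it is interpreted.
 *     snprintf(line, sizeof line, username);
 */

/* Returns 1 if s contains a '%' that is not part of a literal "%%". */
int has_format_directive(const char *s)
{
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }   /* escaped percent sign */
        return 1;
    }
    return 0;
}

/* Copy src to dst, replacing non-printable bytes with '?' so a login field
 * cannot inject newlines or control characters into the log. */
static void scrub(char *dst, size_t n, const char *src)
{
    size_t i = 0;
    for (; src[i] && i + 1 < n; i++)
        dst[i] = isprint((unsigned char)src[i]) ? src[i] : '?';
    dst[i] = '\0';
}

/* Hardened logging: the format string is a constant and the login field is
 * only ever an argument. Returns the number of bytes stored in out. */
int log_login_failure(char *out, size_t n, const char *username)
{
    char safe[64];
    scrub(safe, sizeof safe, username);
    int len = snprintf(out, n, "login failed user=\"%s\"%s", safe,
                       has_format_directive(username) ? " [format-directive]" : "");
    if (len < 0) return -1;
    return (size_t)len >= n ? (int)n - 1 : len;   /* report truncation honestly */
}

int main(void)
{
    char line[128];
    const char *samples[] = { "admin", "%x%x%n", "100%%", "bob\nroot" }; /* constructed */
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        if (log_login_failure(line, sizeof line, samples[i]) >= 0) puts(line);
    return 0;
}
```

The `[format-directive]` marker gives a detection rule something stable to match on in the device or syslog collector.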
Vulnerability Assessment (AI)
| Area | Assessment |
| --- | --- |
| Exploitation | Exploitation requires only network reachability to the vlsvr service's login endpoint on a GV-LPC2011 or GV-LPC2211 running firmware V1.12 or earlier - per CVSS PR:N/UI:N it is unauthenticated and needs no user interaction, so any attacker who can reach the login port can send the crafted format-string payload. … |
| Risk Assessment | The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) describes a network-reachable, low-complexity, fully unauthenticated attack against the login path, which is a genuinely high-priority profile for an internet- or LAN-exposed camera. … |
| Exploit Scenario | An attacker with network access to a GV-LPC camera's login service submits login data containing format specifiers (e.g., %x%x%n) instead of valid credentials. Because the input is fed directly into a log-formatting call, the device leaks memory back to the attacker or crashes the vlsvr service, taking the camera offline. … |
| Remediation | Consult the GeoVision security advisory at https://www.geovision.com.tw/cyber_security.php and upgrade GV-LPC2011/GV-LPC2211 firmware to a release later than V1.12 once the vendor publishes a fixed build - no exact patched version number was provided, so patch availability should be verified directly with GeoVision against the vendor advisory. … |
Recommended Action (AI)
24 hours: Audit inventory of GeoVision GV-LPC2011 and GV-LPC2211 cameras; document all firmware versions; restrict network access to vlsvr service to authorized administration networks only via firewall rules. …
Same weakness CWE-134 – Use of Externally-Controlled Format String
EUVD-2026-39633
GHSA-3ff2-4v74-vhq8