GeoVision GV-LPC (EUVD-2026-39633)

CVE-2026-57877 · HIGH
Use of Externally-Controlled Format String (CWE-134)
2026-06-26 · GV · GHSA-3ff2-4v74-vhq8
CVSS 3.1: 8.6 · Vendor: GV

Severity by source

Vendor (GV) PRIMARY
8.6 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
vuln.today AI
8.6 HIGH

Unauthenticated network attack on the login path (AV:N/AC:L/PR:N/UI:N); reliable crash gives A:H while probabilistic format-string memory read/write yields only partial C:L/I:L.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (GV).

CVSS Vector (Vendor: GV)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: High

Lifecycle Timeline

Analysis Generated: Jun 26, 2026 - 08:17 (vuln.today)

Description (CVE.org)

An unauthenticated format string vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper handling of externally controlled input during log message formatting in the login processing path. A remote attacker may exploit this vulnerability by sending crafted login data, potentially causing information disclosure, memory corruption, or a denial of service.
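The bug class described above, as an added example that is not GeoVision's code and not part of the original page: the vulnerable call shape is shown in a comment, next to a hardened log call and a scanner that flags printf directives in a login field. All function and struct names are hypothetical, and the sample login names are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names: vlsvr's real logging code is not shown on this page.
 *
 * Vulnerable pattern (CWE-134), kept as a comment so it is never compiled:
 *     snprintf(line, size, user);    // attacker-supplied text IS the format
 */

/* Hardened pattern: constant format string, login data only as an argument. */
int log_login_attempt(char *line, size_t size, const char *user)
{
    return snprintf(line, size, "login attempt user=\"%s\"", user);
}

struct fmt_scan { int directives; int writes; };

/* Count printf conversion directives in a login field, for input validation
 * or log review. "%%" is a literal percent; "writes" counts %n-style stores. */
struct fmt_scan scan_format_directives(const char *s)
{
    struct fmt_scan r = {0, 0};
    while ((s = strchr(s, '%')) != NULL) {
        s++;                                     /* step past '%' */
        if (*s == '%') { s++; continue; }        /* literal percent */
        s += strspn(s, "0123456789$-+ #'*.");    /* position, flags, width, precision */
        s += strspn(s, "hlLqjzt");               /* length modifiers */
        r.directives++;
        if (*s == 'n') r.writes++;
    }
    return r;
}

int main(void)
{
    /* Constructed sample login names, including the page's %x%x%n example. */
    const char *samples[] = { "operator1", "100%% sure", "%x%x%n", "%08x.%5$hn" };
    char line[128];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct fmt_scan r = scan_format_directives(samples[i]);
        log_login_attempt(line, sizeof line, samples[i]);
        printf("%-32s directives=%d writes=%d\n", line, r.directives, r.writes);
    }
    return 0;
}
```

With the constant format string, the specifiers in the login field are logged as inert text; the scanner is a secondary check for validation or triage, not a substitute for fixing the call.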

Analysis (AI)

Unauthenticated format string flaw in the vlsvr service of GeoVision GV-LPC2011 and GV-LPC2211 license plate recognition cameras (firmware V1.12 and earlier) lets remote attackers send crafted login data that the device passes unsanitized into a log-formatting routine. Successful exploitation can leak memory contents, corrupt memory, or crash the service, with the high availability impact (CVSS 8.6) reflecting denial of service as the most reliable outcome. …

Attack Chain (AI, Derived)

Hypothetical attack flow derived from CVE metadata

Access: Reach camera login service over network
Delivery: Send login data with format specifiers
Exploit: Format string interpreted by log routine
Execution: Leak memory or corrupt/crash vlsvr
Impact: Information disclosure or denial of service

Vulnerability Assessment (AI)

Exploitation: Exploitation requires only network reachability to the vlsvr service's login endpoint on a GV-LPC2011 or GV-LPC2211 running firmware V1.12 or earlier. Per CVSS PR:N/UI:N it is unauthenticated and needs no user interaction, so any attacker who can reach the login port can send the crafted format-string payload. …

Risk Assessment: The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) describes a network-reachable, low-complexity, fully unauthenticated attack against the login path, which is a genuinely high-priority profile for an internet- or LAN-exposed camera. …

Exploit Scenario: An attacker with network access to a GV-LPC camera's login service submits login data containing format specifiers (e.g., %x%x%n) instead of valid credentials. Because the input is fed directly into a log-formatting call, the device leaks memory back to the attacker or crashes the vlsvr service, taking the camera offline. …

Remediation: Consult the GeoVision security advisory at https://www.geovision.com.tw/cyber_security.php and upgrade GV-LPC2011/GV-LPC2211 firmware to a release later than V1.12 once the vendor publishes a fixed build. The source data gives no exact patched version number, so patch availability should be verified directly with GeoVision. …

Recommended Action (AI)

24 hours: Audit the inventory of GeoVision GV-LPC2011 and GV-LPC2211 cameras; document all firmware versions; restrict network access to the vlsvr service to authorized administration networks only via firewall rules. …
