GeoVision GV-LPC2011 · EUVD-2026-39637

CVE-2026-57881 · CRITICAL
Stack-based Buffer Overflow (CWE-121)
2026-06-26 · GV · GHSA-45jw-wjqw-9fq9
CVSS 3.1: 9.8 · Vendor: GV

Severity by source

Vendor (GV), primary: 9.8 CRITICAL (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

vuln.today AI: 9.8 CRITICAL
Unauthenticated network-reachable login service with low-complexity over-length input (AV:N/AC:L/PR:N/UI:N); memory corruption can yield code execution affecting C/I/A high.

CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 4.0: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (GV).

CVSS Vector (Vendor: GV)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Jun 26, 2026 - 08:18 (vuln.today)

Description (CVE.org)

An unauthenticated stack-based buffer overflow vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient length validation when processing remote login data. A remote attacker may exploit this vulnerability by sending crafted login data with overly long input, resulting in memory corruption, denial of service, or potentially arbitrary code execution.

Analysis (AI)

Remote unauthenticated stack-based buffer overflow in the vlsvr login service of GeoVision GV-LPC2011 and GV-LPC2211 license plate capture cameras (firmware V1.12 and earlier) lets a remote attacker corrupt memory by sending an over-length login field, enabling denial of service and potentially arbitrary code execution. The flaw requires no authentication and no user interaction (CVSS 9.8). …

Attack Chain (AI, derived)

Hypothetical attack flow derived from CVE metadata

Access: Reach exposed vlsvr login port
Delivery: Send crafted login with over-long field
Exploit: Overflow fixed-size stack buffer
Execution: Overwrite saved return address
Persist: Hijack execution or crash service
Impact: Run code or cause DoS

Vulnerability Assessment (AI)

Exploitation: Exploitation requires network reachability to the vlsvr remote login service on a GeoVision GV-LPC2011 or GV-LPC2211 running firmware V1.12 or earlier; the attacker sends crafted login data with an over-length field to trigger the overflow. …

Risk Assessment: The signals align toward genuine priority: the CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N (score 9.8) describes pre-authentication, low-complexity, network-reachable exploitation with high confidentiality, integrity, and availability impact, which for an exposed login service is a worst-case profile. …

Exploit Scenario: An attacker who can reach the camera's vlsvr login port over the network connects and submits a login request containing an abnormally long input field, overflowing the fixed-size stack buffer. The corruption crashes the service (denial of service) or, with a crafted payload that controls the overwritten return address, redirects execution to attacker-supplied code on the device. …

Remediation: No vendor-released patch version is identified in the available data; consult the GeoVision security advisory at https://www.geovision.com.tw/cyber_security.php for a firmware build later than V1.12 and upgrade GV-LPC2011/GV-LPC2211 devices as soon as one is published. …

Recommended Action (AI)

24 hours: Identify all affected cameras (GV-LPC2011, GV-LPC2211, firmware V1.12 or earlier) via inventory system and isolate from untrusted networks; restrict login-service (vlsvr) access to administrative hosts only via firewall rules. …

EUVD-2026-39637 vulnerability details – vuln.today