CVE-2026-42364
Command Injection in GeoVision LPC2011/LPC2211
Publication date: 2026-05-04
Last updated on: 2026-05-05
Assigner: 0df08a0e-a200-4957-9bb0-084f562506f9
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| geovision | gv-lpc2011_firmware | 1.10 |
| geovision | gv-lpc2211_firmware | 1.10 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an OS command injection found in the DdnsSetting.cgi functionality of GeoVision LPC2011 and LPC2211 devices, version 1.10.
It occurs when a specially crafted DDNS configuration is submitted, allowing an attacker to execute arbitrary operating system commands.
The attacker can modify a configuration value to trigger this vulnerability.
How can this vulnerability impact me? :
This vulnerability can have severe impacts because it allows an attacker to execute arbitrary commands on the affected device.
- Complete compromise of the device's operating system.
- Potential unauthorized access to sensitive data.
- Disruption of device availability or functionality.
- Possibility for the attacker to use the device as a foothold for further network attacks.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The CVE-2026-42364 vulnerability is a critical OS command injection flaw in GeoVision LPC2011/LPC2211 devices that allows arbitrary command execution. Such a vulnerability can lead to unauthorized access, data breaches, and system compromise, which may impact compliance with common standards and regulations like GDPR and HIPAA that require protection of sensitive data and secure system operation.
GeoVision maintains a comprehensive cybersecurity policy with structured vulnerability management, including prompt disclosure and remediation of critical vulnerabilities. Their adherence to recognized security standards and timely updates helps mitigate risks that could affect regulatory compliance.
However, the provided information does not explicitly detail the direct impact of this specific vulnerability on compliance with GDPR, HIPAA, or other regulations.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, it is important to apply any available security updates or patches provided by GeoVision as soon as possible.
GeoVision follows a structured vulnerability management process that includes prompt release of fixes for critical vulnerabilities such as this one, so regularly checking for and applying firmware or software updates is recommended.
Additionally, restricting access to the DDNS configuration interface and monitoring for unauthorized configuration changes can help reduce the risk of exploitation.