CVE-2026-42365
Status: Analyzed (Analysis Complete)
Authentication Bypass via Guessable Session Cookie in GeoVision LPC2211

Publication date: 2026-05-04

Last updated on: 2026-05-05

Assigner: 0df08a0e-a200-4957-9bb0-084f562506f9

Description
A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted series of HTTP requests can lead to an authentication bypass. An attacker can brute force session cookies to trigger this vulnerability.
Meta Information
Published: 2026-05-04
Last Modified: 2026-05-05
Generated: 2026-05-07
AI Q&A: 2026-05-04
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor      Product                Version / Range
geovision   gv-lpc2011_firmware    1.10
geovision   gv-lpc2211_firmware    1.10
CWE
CWE-341 (Predictable from Observable State): A number or object is predictable based on observations that the attacker can make about the state of the system or network, such as time, process ID, etc.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Web Interface functionality of GeoVision LPC2011 and LPC2211 devices, version 1.10. The session cookie issued by the web interface is guessable (CWE-341: predictable from observable state), so its value space is small enough that an attacker can brute force it with a series of HTTP requests until one value is accepted as a valid session. Successfully exploiting this vulnerability allows the attacker to bypass authentication without knowing any credentials and gain unauthorized access to the device's web interface.
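To make the weakness class concrete, the following is an added example written for this page; it is not GeoVision's firmware code and nothing about the real LPC2011/LPC2211 cookie format is known from the advisory. It models a session store whose cookie is a fixed prefix plus a per-login counter (the CWE-341 pattern), the brute-force search an attacker runs against it, and the same store with the cookie drawn from the OS CSPRNG instead. The class names, the "6553f100" prefix, and the attacker model (one cookie of the predictable form has already been observed, for example a pre-authentication session the device handed to the attacker's own browser) are all assumptions of the example; even with no observed cookie, a 16-bit counter is only 65536 guesses.

```python
import secrets
from typing import Dict, Iterable, Optional, Tuple


# Constructed illustration of CWE-341, not GeoVision firmware code: the
# cookie is an assumed fixed prefix plus a per-login counter, i.e. derived
# entirely from state an attacker can observe or infer.
class PredictableSessionStore:
    def __init__(self, prefix: str = "6553f100") -> None:
        self._prefix = prefix
        self._counter = 0
        self._sessions: Dict[str, str] = {}

    def login(self, user: str) -> str:
        self._counter += 1
        cookie = f"{self._prefix}{self._counter:04x}"  # 16-bit search space
        self._sessions[cookie] = user
        return cookie

    def whoami(self, cookie: str) -> Optional[str]:
        return self._sessions.get(cookie)


# Hardened form: 128 bits from the OS CSPRNG, nothing to extrapolate from.
class RandomSessionStore:
    def __init__(self) -> None:
        self._sessions: Dict[str, str] = {}

    def login(self, user: str) -> str:
        cookie = secrets.token_hex(16)
        self._sessions[cookie] = user
        return cookie

    def whoami(self, cookie: str) -> Optional[str]:
        return self._sessions.get(cookie)


def neighbour_candidates(observed: str, radius: int) -> Iterable[str]:
    """Attacker model (assumed): one cookie of the predictable form has been
    seen, so guess the counter values on either side of it."""
    prefix, counter = observed[:8], int(observed[8:], 16)
    for c in range(max(1, counter - radius), counter + radius + 1):
        if c != counter:
            yield f"{prefix}{c:04x}"


def random_candidates(n: int) -> Iterable[str]:
    """Attacker model against the hardened store: blind guessing."""
    return (secrets.token_hex(16) for _ in range(n))


def hijack(store, candidates: Iterable[str], target: str) -> Optional[Tuple[int, str]]:
    """Present each candidate the way a Cookie header would be replayed and
    stop at the first one the server maps to `target`.
    Returns (attempts, cookie) on success, None if every guess failed."""
    for attempts, cookie in enumerate(candidates, start=1):
        if store.whoami(cookie) == target:
            return attempts, cookie
    return None


def demo() -> Tuple[Optional[Tuple[int, str]], Optional[Tuple[int, str]]]:
    """Admin logs in first on both stores, then the attacker obtains a
    session of their own and tries to take over the admin session."""
    weak, strong = PredictableSessionStore(), RandomSessionStore()
    weak.login("admin")
    weak_attacker = weak.login("attacker")
    strong.login("admin")
    strong.login("attacker")
    weak_hit = hijack(weak, neighbour_candidates(weak_attacker, 64), "admin")
    strong_hit = hijack(strong, random_candidates(10_000), "admin")
    return weak_hit, strong_hit


if __name__ == "__main__":
    print(demo())
```

Against the predictable store the admin session falls on the first guess, because the attacker's own cookie differs from it only in the counter; against the CSPRNG-backed store ten thousand blind guesses find nothing, and the expected effort is on the order of 2^127 guesses.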


How can this vulnerability impact me?

The impact is significant because an attacker can bypass authentication without valid credentials and reach the affected device's web interface with the rights of the hijacked session. The analysis assigns a CVSS v3.1 base score of 8.6 and attributes the impact to confidentiality (high), with no integrity or availability impact, so the rated consequence is exposure of the information the web interface serves rather than modification of device settings; the CVSS vector itself is not reproduced on this page.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability is exploited by brute forcing session cookies against the Web Interface of GeoVision LPC2011/LPC2211 devices, so the observable signature is a client that presents many different session cookie values in a short time rather than reusing one.

To detect this on your network, monitor HTTP traffic to the device for repeated requests whose session cookie value keeps changing, and for requests that receive an authenticated response without a preceding login. Note that this only works for unencrypted HTTP; if the interface is served over HTTPS, cookie values are visible only on the device itself or at a TLS-terminating proxy in front of it.

Commands or tools that can help detect such activity include network traffic analyzers like tcpdump or Wireshark (or its command-line counterpart tshark) to capture HTTP traffic, filtered to the GeoVision device's IP or hostname, and then inspect the Cookie header across requests.

  • Example tcpdump command to capture HTTP traffic to a GeoVision device into a file for later analysis: tcpdump -i <interface> -w geovision.pcap host <device_ip> and port 80
  • A pcap is binary, so decode it first (for example with tcpdump -A or tshark) and then use grep or similar tools on the decoded output to look for many distinct session cookie values from one source in a short window.
  • Employ web application firewalls or intrusion detection systems (IDS) to alert on multiple failed or suspicious session cookie attempts from a single source.
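The following is an added detection example written for this page, not a tool from the advisory or from GeoVision. It runs the "many distinct cookies from one source" check over request records in the tab-separated form that tshark emits for `tshark -r geovision.pcap -Y 'http.request' -T fields -e frame.time_epoch -e ip.src -e http.request.uri -e http.cookie`. The sample records are constructed, the cookie name "sessid" and the request URI are assumptions (the real cookie name is not given on this page), and the source addresses are documentation-range addresses.

```python
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed sample, not real device traffic, in the tab-separated layout of
#   tshark -r geovision.pcap -Y 'http.request' -T fields \
#          -e frame.time_epoch -e ip.src -e http.request.uri -e http.cookie
# 192.0.2.10 cycles through cookie values; 192.0.2.20 reuses one cookie.
# The cookie name "sessid" is an assumption of the example.
SAMPLE = """\
1778000000.10\t192.0.2.20\t/\tsessid=6553f1000001
1778000000.90\t192.0.2.10\t/\tsessid=6553f1000010
1778000001.00\t192.0.2.10\t/\tsessid=6553f1000011
1778000001.10\t192.0.2.10\t/\tsessid=6553f1000012
1778000001.20\t192.0.2.10\t/\tsessid=6553f1000013
1778000001.30\t192.0.2.10\t/\tsessid=6553f1000014
1778000002.00\t192.0.2.20\t/\tsessid=6553f1000001
1778000002.40\t192.0.2.10\t/\tsessid=6553f1000015
1778000003.00\t192.0.2.30\t/\t
"""

Record = Tuple[float, str, str, str]


def parse_tshark_fields(text: str) -> List[Record]:
    """Parse tshark -T fields output: epoch time, source IP, URI, Cookie header.
    A request with no Cookie header yields an empty fourth field."""
    rows: List[Record] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, uri, cookie = line.split("\t")
        rows.append((float(ts), src, uri, cookie))
    return rows


def cookie_value(cookie_header: str, name: str) -> Optional[str]:
    """Extract one cookie's value from a raw Cookie header ("a=1; b=2")."""
    for part in cookie_header.split(";"):
        key, _, value = part.strip().partition("=")
        if key == name:
            return value
    return None


def detect_cookie_bruteforce(
    rows: List[Record],
    cookie_name: str = "sessid",
    window: float = 60.0,
    threshold: int = 5,
) -> List[Tuple[str, int, float, float]]:
    """Flag each source that presents at least `threshold` distinct values of
    the session cookie within `window` seconds. A legitimate client keeps
    one cookie for the life of its session, so churn is the guessing signal.
    Returns (source, distinct_count, window_start, window_end) per source."""
    by_src: Dict[str, List[Tuple[float, str]]] = defaultdict(list)
    for ts, src, _uri, cookie in sorted(rows):
        value = cookie_value(cookie, cookie_name)
        if value is not None:
            by_src[src].append((ts, value))

    alerts: List[Tuple[str, int, float, float]] = []
    for src, events in by_src.items():
        start = 0
        for end, (ts, _value) in enumerate(events):
            while events[start][0] < ts - window:  # slide the window forward
                start += 1
            distinct = {v for _, v in events[start:end + 1]}
            if len(distinct) >= threshold:
                alerts.append((src, len(distinct), events[start][0], ts))
                break  # one alert per source is enough
    return alerts


if __name__ == "__main__":
    for alert in detect_cookie_bruteforce(parse_tshark_fields(SAMPLE)):
        print("possible session cookie brute force from %s: %d distinct values "
              "between %.2f and %.2f" % alert)
```

The threshold and window are tuning knobs: a camera web UI behind a NAT gateway may legitimately show a handful of cookies per source, but dozens of distinct values in under a minute from one address is not normal browsing.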

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting access to the GeoVision Web Interface to trusted networks or IP addresses to reduce exposure; the interface should not be reachable from the internet.

Because the session cookie is generated by the device firmware, unpredictable cookie values and shorter session lifetimes can only come from a vendor fix. In the meantime, limit the number of guesses an attacker can make: deploy rate limiting or blocking, for example at a reverse proxy or firewall in front of the device, against repeated requests carrying different session cookie values from one source.

Monitor for unusual authentication bypass attempts, in particular authenticated responses to clients that never completed a login.

Stay updated with GeoVision's security advisories and apply any patches or firmware updates they release addressing this vulnerability.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The provided information does not explicitly address how the CVE-2026-42365 vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

