CVE-2026-42367
Privilege Escalation via Credentials Leak in GeoVision LPC2011/LPC2211 Web Interface
Publication date: 2026-05-04
Last updated on: 2026-05-05
Assigner: 0df08a0e-a200-4957-9bb0-084f562506f9
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| geovision | gv-lpc2011_firmware | 1.10 |
| geovision | gv-lpc2211_firmware | 1.10 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-522 | The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a privilege escalation issue found in the Web Interface / ssi.cgi functionality of GeoVision LPC2011 and LPC2211 version 1.10. It occurs when a specially crafted HTTP request is sent, which can cause credentials to be leaked. An attacker can exploit this by simply visiting a webpage that triggers the vulnerability.
How can this vulnerability impact me?
The impact of this vulnerability is that an attacker could gain access to sensitive credentials by exploiting the privilege escalation flaw. This could allow unauthorized access to the system or sensitive information, potentially compromising security.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in GeoVision LPC2011/LPC2211 allows privilege escalation and credential leakage, which could potentially impact compliance with data protection standards such as GDPR and HIPAA by exposing sensitive user credentials.
GeoVision maintains a comprehensive cybersecurity policy and a structured vulnerability management process that includes prompt identification, classification, and remediation of vulnerabilities. This approach supports adherence to recognized security standards and helps mitigate risks that could affect regulatory compliance.
However, the provided information does not explicitly state the direct impact of this specific vulnerability on compliance with GDPR, HIPAA, or other regulations.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves a specially crafted HTTP request targeting the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 devices. Detection can focus on monitoring HTTP traffic for unusual or suspicious requests to the ssi.cgi endpoint.
Network administrators can use tools like tcpdump or Wireshark to capture HTTP requests and filter for requests containing 'ssi.cgi'. For example, a tcpdump command to capture such traffic might be:
- tcpdump -l -n -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep -F 'ssi.cgi'
Additionally, web server logs on the affected devices can be reviewed for any access to ssi.cgi with unusual parameters or from unknown IP addresses.
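The log review described above can be scripted. The following is an added example, not code from GeoVision or from this advisory. It assumes the requests are recorded in Common Log Format by a proxy or firewall in front of the device, and the trusted network, sample lines and the parameter name `view` are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: the only hosts expected to use the device's web interface.
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/28")]

# Assumption: Common Log Format from a proxy or firewall in front of the device.
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+)[^"]*" \d{3}')

# Constructed sample lines (not captured from a real device).
SAMPLE_LOG = [
    '192.0.2.5 - - [04/May/2026:09:00:01 +0000] "GET /ssi.cgi?view=status HTTP/1.1" 200 512',
    '192.0.2.5 - - [04/May/2026:09:00:07 +0000] "GET /index.htm HTTP/1.1" 200 2048',
    '198.51.100.23 - - [04/May/2026:09:02:44 +0000] "GET /ssi.cgi?view=status HTTP/1.1" 200 512',
    '198.51.100.23 - - [04/May/2026:09:02:45 +0000] "GET /SSI.CGI?view=status&x=1 HTTP/1.1" 200 4096',
    'garbled line that does not parse',
]

def is_trusted(src):
    """True when src is an IP address inside one of the trusted networks."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETS)

def ssi_requests(lines):
    """Yield (source, parameter names) for every parsed request to ssi.cgi."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable lines are skipped, not treated as hits
        url = urlsplit(m["target"])
        if "ssi.cgi" in url.path.lower().split("/"):
            yield m["src"], {k for k, _ in parse_qsl(url.query, keep_blank_values=True)}

def review(lines):
    """Flag ssi.cgi requests from untrusted sources or with unseen parameter names."""
    hits = list(ssi_requests(lines))
    # Baseline: parameter names that trusted hosts send to ssi.cgi in this log.
    baseline = set().union(*(p for s, p in hits if is_trusted(s)))
    findings = []
    for src, params in hits:
        reasons = [] if is_trusted(src) else ["untrusted-source"]
        reasons += [f"unseen-parameter:{p}" for p in sorted(params - baseline)]
        if reasons:
            findings.append((src, reasons))
    return findings
```

A finding is a lead for manual review of the full request, not proof of exploitation, since the advisory does not describe what the crafted request looks like.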
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable Web Interface / ssi.cgi functionality by limiting network exposure, such as placing the device behind a firewall or VPN and restricting HTTP access to trusted IP addresses only.
GeoVision follows a structured vulnerability management process and typically releases updates or patches for critical vulnerabilities. Users should check GeoVision's official cybersecurity page for any available firmware updates or security advisories related to this vulnerability and apply them promptly.
If no patch is available yet, disabling or blocking HTTP access to the ssi.cgi endpoint can reduce risk until an update is applied.