CVE-2026-57873
Deferred Deferred - Pending Action

NULL Pointer Dereference in GeoVision GV-LPC2011 and GV-LPC2211

Vulnerability report for CVE-2026-57873, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: 0df08a0e-a200-4957-9bb0-084f562506f9

Description

An unauthenticated NULL pointer dereference vulnerability exists in IEEE8021x_upload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of multipart upload headers when processing certificate-related upload fields. A remote attacker may exploit this vulnerability by sending a malformed multipart request, causing the affected CGI process to crash and resulting in a denial of service.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-26
Last Modified
2026-06-26
Generated
2026-07-16
AI Q&A
2026-06-26
EPSS Evaluated
2026-07-15
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
geovision gv-lpc2011 to 1.12 (exc)
geovision gv-lpc2211 to 1.12 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an unauthenticated NULL pointer dereference in the IEEE8021x_upload.cgi component of GeoVision GV-LPC2011 and GV-LPC2211 devices running version 1.12 or earlier.

It occurs because the software improperly validates multipart upload headers when processing certificate-related upload fields.

A remote attacker can exploit this by sending a malformed multipart request, which causes the CGI process to crash.

This crash results in a denial of service condition.

Detection Guidance

This vulnerability involves an unauthenticated NULL pointer dereference in the IEEE8021x_upload.cgi component of GeoVision GV-LPC2011 and GV-LPC2211 devices when processing malformed multipart upload requests. Detection would typically involve monitoring for crashes or denial of service symptoms on these devices after receiving suspicious multipart HTTP requests.

Since the vulnerability is triggered by malformed multipart upload headers targeting certificate-related upload fields, network detection could focus on identifying unusual or malformed HTTP multipart POST requests to the IEEE8021x_upload.cgi endpoint.

Specific commands or tools to detect this vulnerability are not provided in the available resources. However, general approaches could include using network traffic analysis tools like tcpdump or Wireshark to capture HTTP POST requests to the vulnerable CGI path and inspecting them for malformed multipart headers.

Additionally, monitoring device logs for crashes or service interruptions related to the CGI process may help identify exploitation attempts.

Impact Analysis

The primary impact of this vulnerability is a denial of service (DoS) condition.

An attacker can remotely cause the affected CGI process to crash, potentially disrupting the normal operation of the GeoVision device.

Since the vulnerability does not affect confidentiality or integrity, the impact is limited to availability.

Compliance Impact

This vulnerability causes a denial of service by crashing the affected CGI process through a NULL pointer dereference. It does not directly impact confidentiality, integrity, or availability of data beyond service availability.

Since the vulnerability results in denial of service without compromising data confidentiality or integrity, its impact on compliance with standards like GDPR or HIPAA is limited to potential availability concerns.

However, denial of service could affect availability requirements under these regulations if the affected systems are critical for processing or accessing personal or protected health information.

Mitigation Strategies

To mitigate this vulnerability, it is important to apply any available firmware or software updates provided by GeoVision for the affected devices GV-LPC2011 and GV-LPC2211.

GeoVision follows a vulnerability management process that includes prompt updates for critical vulnerabilities such as this one, so checking their official cybersecurity page for patches or advisories is recommended.

Additionally, restricting network access to the affected devices and monitoring for unusual multipart upload requests may help reduce exposure until a fix is applied.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57873. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart