CVE-2026-57874
Deferred Deferred - Pending Action

Buffer Overflow in GeoVision GV-LPC2011 and GV-LPC2211

Vulnerability report for CVE-2026-57874, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: 0df08a0e-a200-4957-9bb0-084f562506f9

Description

An unauthenticated buffer overflow vulnerability exists in IEEE8021x_upload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when parsing filename values in multipart upload data. A remote attacker may exploit this vulnerability by sending a crafted upload request with overly long input, causing memory corruption and resulting in a denial of service.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-26
Last Modified
2026-06-26
Generated
2026-07-16
AI Q&A
2026-06-26
EPSS Evaluated
2026-07-15
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
geovision gv-lpc2011 to 1.12 (exc)
geovision gv-lpc2211 to 1.12 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an unauthenticated buffer overflow in the IEEE8021x_upload.cgi component of GeoVision GV-LPC2011 and GV-LPC2211 devices running version 1.12 and earlier.

It occurs because the software does not properly check the length of filename values when processing multipart upload data.

A remote attacker can exploit this by sending a specially crafted upload request with an excessively long filename, which causes memory corruption.

This memory corruption can lead to a denial of service condition.

Impact Analysis

Exploitation of this vulnerability can cause a denial of service on affected GeoVision devices.

Since the vulnerability is unauthenticated and remotely exploitable, an attacker can disrupt device availability without needing credentials.

This could impact the reliability and availability of services relying on these devices.

Compliance Impact

The vulnerability described is a buffer overflow in GeoVision devices that can lead to denial of service. It does not involve unauthorized access to data or compromise of confidentiality or integrity.

Since the vulnerability results in denial of service without impacting data confidentiality or integrity, it does not directly affect compliance with standards like GDPR or HIPAA, which primarily focus on protecting personal data privacy and security.

Mitigation Strategies

To mitigate this vulnerability, it is important to apply any available firmware or software updates provided by GeoVision for the affected devices GV-LPC2011 and GV-LPC2211.

GeoVision follows a structured vulnerability management process that includes prompt updates for critical vulnerabilities such as this one, so checking their official cybersecurity page for the latest patches and advisories is recommended.

Additionally, as the vulnerability can be exploited remotely via crafted upload requests, restricting or monitoring access to the IEEE8021x_upload.cgi endpoint and implementing network-level protections such as firewalls or intrusion detection systems may help reduce exposure until patches are applied.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57874. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart