CVE-2026-57876
Deferred Deferred - Pending Action

Out-of-Bounds Write in GeoVision GV-LPC2011 and GV-LPC2211

Vulnerability report for CVE-2026-57876, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: 0df08a0e-a200-4957-9bb0-084f562506f9

Description

An unauthenticated out-of-bounds write vulnerability exists in onvif.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing HTTP request body data. A remote attacker may exploit this vulnerability by sending a crafted request with excessive input, causing memory corruption and resulting in a denial of service.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-26
Last Modified
2026-06-26
Generated
2026-07-17
AI Q&A
2026-06-26
EPSS Evaluated
2026-07-15
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
geovision gv-lpc2011 to 1.12 (exc)
geovision gv-lpc2211 to 1.12 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an unauthenticated out-of-bounds write in the onvif.cgi component of GeoVision GV-LPC2011 and GV-LPC2211 devices running version 1.12 and earlier.

It occurs because the software does not properly check the size of HTTP request body data before processing it.

A remote attacker can exploit this by sending a specially crafted HTTP request with excessive input, which causes memory corruption.

This memory corruption can lead to a denial of service condition on the affected device.

Impact Analysis

The primary impact of this vulnerability is a denial of service (DoS) on the affected GeoVision devices.

Because the vulnerability can be exploited remotely without authentication, an attacker can cause the device to crash or become unresponsive by sending a malicious HTTP request.

This could disrupt the normal operation of the device, potentially affecting surveillance or other functions provided by the device.

Compliance Impact

The vulnerability described is an unauthenticated out-of-bounds write that can cause denial of service by memory corruption. It does not involve unauthorized access to sensitive data or personal information.

Since the vulnerability results in denial of service without compromising confidentiality or integrity of data, its direct impact on compliance with standards like GDPR or HIPAA, which focus on protecting personal data privacy and integrity, is limited.

However, denial of service could indirectly affect availability requirements under such regulations, potentially impacting system reliability and service continuity.

Mitigation Strategies

To mitigate this vulnerability, it is important to apply any available firmware or software updates provided by GeoVision for the affected devices GV-LPC2011 and GV-LPC2211.

GeoVision follows a vulnerability management process that includes prompt updates for critical vulnerabilities, which this one is classified as due to its potential for denial of service.

Users should monitor GeoVision's official cybersecurity advisories and apply unscheduled updates as soon as they are released to address this vulnerability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57876. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart