CVE-2026-57876
Received - Intake
Out-of-Bounds Write in GeoVision GV-LPC2011 and GV-LPC2211

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: 0df08a0e-a200-4957-9bb0-084f562506f9

Description
An unauthenticated out-of-bounds write vulnerability exists in onvif.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing HTTP request body data. A remote attacker may exploit this vulnerability by sending a crafted request with excessive input, causing memory corruption and resulting in a denial of service.
Meta Information
Published: 2026-06-26
Last Modified: 2026-06-26
Generated: 2026-06-26
AI Q&A: 2026-06-26
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 2 associated CPEs
Vendor     Product     Version / Range
geovision  gv-lpc2011  to 1.12 (exc)
geovision  gv-lpc2211  to 1.12 (exc)
CWE ID   Description
CWE-787  The product writes data past the end, or before the beginning, of the intended buffer.
Executive Summary

This vulnerability is an unauthenticated out-of-bounds write in the onvif.cgi component of GeoVision GV-LPC2011 and GV-LPC2211 devices running version 1.12 and earlier.

It occurs because the software does not properly check the size of HTTP request body data before processing it.

A remote attacker can exploit this by sending a specially crafted HTTP request with excessive input, which causes memory corruption.

This memory corruption can lead to a denial of service condition on the affected device.

Impact Analysis

The primary impact of this vulnerability is a denial of service (DoS) on the affected GeoVision devices.

Because the vulnerability can be exploited remotely without authentication, an attacker can cause the device to crash or become unresponsive by sending a malicious HTTP request.

This could disrupt the normal operation of the device, potentially affecting surveillance or other functions provided by the device.

Compliance Impact

The vulnerability described is an unauthenticated out-of-bounds write that can cause denial of service by memory corruption. It does not involve unauthorized access to sensitive data or personal information.

Since the vulnerability results in denial of service without compromising confidentiality or integrity of data, its direct impact on compliance with standards like GDPR or HIPAA, which focus on protecting personal data privacy and integrity, is limited.

However, denial of service could indirectly affect availability requirements under such regulations, potentially impacting system reliability and service continuity.
