CVE-2026-57877
Received Received - Intake
Format String Vulnerability in GeoVision GV-LPC2011 and GV-LPC2211

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: 0df08a0e-a200-4957-9bb0-084f562506f9

Description
An unauthenticated format string vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper handling of externally controlled input during log message formatting in the login processing path. A remote attacker may exploit this vulnerability by sending crafted login data, potentially causing information disclosure, memory corruption, or a denial of service.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-26
Last Modified
2026-06-26
Generated
2026-06-26
AI Q&A
2026-06-26
EPSS Evaluated
N/A
NVD
CVE-2026-57877
EUVD
EUVD-2026-39633
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
geovision gv-lpc2011 to 1.12 (exc)
geovision gv-lpc2211 to 1.12 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-134 The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an unauthenticated format string flaw in the vlsvr component of GeoVision GV-LPC2011 and GV-LPC2211 devices running version 1.12 and earlier.

It occurs because the software improperly handles externally controlled input during the formatting of log messages in the login processing path.

A remote attacker can exploit this by sending specially crafted login data, which may lead to information disclosure, memory corruption, or denial of service.

Impact Analysis

Exploitation of this vulnerability can have several impacts:

  • Information disclosure - sensitive data may be exposed to an attacker.
  • Memory corruption - which could lead to unpredictable behavior or system crashes.
  • Denial of service - the affected device or service may become unavailable.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57877. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart