CVE-2026-57877
Deferred Deferred - Pending Action

Format String Vulnerability in GeoVision GV-LPC2011 and GV-LPC2211

Vulnerability report for CVE-2026-57877, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: 0df08a0e-a200-4957-9bb0-084f562506f9

Description

An unauthenticated format string vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper handling of externally controlled input during log message formatting in the login processing path. A remote attacker may exploit this vulnerability by sending crafted login data, potentially causing information disclosure, memory corruption, or a denial of service.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-26
Last Modified
2026-06-26
Generated
2026-07-16
AI Q&A
2026-06-26
EPSS Evaluated
2026-07-15
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
geovision gv-lpc2011 to 1.12 (exc)
geovision gv-lpc2211 to 1.12 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-134 The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an unauthenticated format string flaw in the vlsvr component of GeoVision GV-LPC2011 and GV-LPC2211 devices running version 1.12 and earlier.

It occurs because the software improperly handles externally controlled input during the formatting of log messages in the login processing path.

A remote attacker can exploit this by sending specially crafted login data, which may lead to information disclosure, memory corruption, or denial of service.

Impact Analysis

Exploitation of this vulnerability can have several impacts:

  • Information disclosure - sensitive data may be exposed to an attacker.
  • Memory corruption - which could lead to unpredictable behavior or system crashes.
  • Denial of service - the affected device or service may become unavailable.
Compliance Impact

The provided information does not explicitly address how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

Mitigation Strategies

To mitigate this vulnerability, it is recommended to apply any available security updates or patches provided by GeoVision as soon as possible.

GeoVision follows a structured vulnerability management process that includes prompt release of unscheduled updates for critical vulnerabilities like this one.

Users should monitor GeoVision's official cybersecurity advisories and update their GV-LPC2011 and GV-LPC2211 devices to the latest firmware versions that address this issue.

Additionally, restricting network access to the affected devices and monitoring for unusual login attempts may help reduce exposure until patches are applied.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57877. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart