Lucene search
K

30 matches found

NVD
NVD
added 2026/06/26 8:16 a.m.7 views

CVE-2026-57880

An unauthenticated stack-based buffer overflow vulnerability exists in ssvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when parsing RTSP Digest authentication fields. A remote attacker may exploit this vulnerability by...

9.8CVSS0.0053EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 7:17 a.m.7 views

EUVD-2026-39637

An unauthenticated stack-based buffer overflow vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient length validation when processing remote login data. A remote attacker may exploit this vulnerability by sending craft...

9.8CVSS6.2AI score0.00376EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 7:17 a.m.8 views

EUVD-2026-39634

An unauthenticated stack-based buffer overflow vulnerability exists in thttpd in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing web request parameters in a specific request path. A remote attacker may exploit this...

9.8CVSS6.4AI score0.00531EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 7:17 a.m.6 views

CVE-2026-57875

An unauthenticated NULL pointer dereference vulnerability exists in the HTTP request parsing logic of multiple CGI components in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of required HTTP request metadata before it is used by the...

7.5CVSS5.9AI score0.01266EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/26 7:17 a.m.6 views

CVE-2026-57874

An unauthenticated buffer overflow vulnerability exists in IEEE8021xupload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when parsing filename values in multipart upload data. A remote attacker may exploit this...

7.5CVSS5.9AI score0.00318EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/26 7:17 a.m.40 views

CVE-2026-57873 GV-LPC2011/LPC2211 - unauthorized null pointer dereference vulnerability (IEEE8021x_upload.cgi)

An unauthenticated NULL pointer dereference vulnerability exists in IEEE8021xupload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of multipart upload headers when processing certificate-related upload fields. A remote attacker may...

7.5CVSS0.00206EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 7:17 a.m.6 views

CVE-2026-57873

An unauthenticated NULL pointer dereference vulnerability exists in IEEE8021xupload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by improper validation of multipart upload headers when processing certificate-related upload fields. A remote attacker may...

7.5CVSS5.8AI score0.00206EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.16 views

PT-2026-52669

Name of the Vulnerable Software and Affected Versions GeoVision GV-LPC2011 versions prior to 1.13 GeoVision GV-LPC2211 versions prior to 1.13 Description An unauthenticated directory traversal issue exists in the 'get fcont.cgi' endpoint. This occurs due to insufficient validation of user-supplie...

7.5CVSS6AI score0.00969EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/05/05 8:20 a.m.12 views

CVE-2026-7161

An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When interacting with variou...

9.3CVSS5.8AI score0.00214EPSS
Exploits0References1
NVD
NVD
added 2026/05/04 1:16 a.m.34 views

CVE-2026-7161

An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When interacting with variou...

9.3CVSS0.00214EPSS
Exploits0References3
CVE
CVE
added 2026/05/04 12:39 a.m.25 views

CVE-2026-7161

GeoVision GV-IP Device Utility 9.0.5 is affected by an insufficient encryption vulnerability in Device Authentication. The protocol encrypts username/password for privileged commands using a derivation of Blowfish, but the symmetric key is included in the same UDP broadcast packet, making credent...

9.3CVSS5.8AI score0.00214EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.10 views

GeoVision LPC2011和GeoVision LPC2211 安全漏洞

Both GeoVision LPC2011 and GeoVision LPC2211 are network monitoring control devices produced by the Chinese company GeoVision. The version 1.10 of GeoVision LPC2011 and GeoVision LPC2211 contain security vulnerabilities. These vulnerabilities stem from the privilege escalation in the Web Interfac...

6.5CVSS5.8AI score0.00271EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.11 views

GeoVision LPC2011和GeoVision LPC2211 安全漏洞

Both GeoVision LPC2011 and GeoVision LPC2211 are network monitoring control devices produced by the Chinese company GeoVision. The version 1.10 of GeoVision LPC2011 and GeoVision LPC2211 contain security vulnerabilities. These vulnerabilities stem from privilege escalation within the Web Interfac...

9.9CVSS5.9AI score0.00348EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.9 views

PT-2026-36734

Multiple reflected cross-site scripting xss vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerabili...

7.4CVSS5.9AI score0.00196EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.15 views

PT-2026-36739

Name of the Vulnerable Software and Affected Versions GeoVision GV-IP Device Utility version 9.0.5 Description Insufficient encryption in the Device Authentication functionality allows for the leak of credentials. When the utility sends privileged commands to devices over UDP, the username and...

9.3CVSS5.9AI score0.00214EPSS
Exploits0References10
NVD
NVD
added 2026/04/27 12:16 a.m.7 views

CVE-2026-42363

An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When interacting with variou...

9.3CVSS0.00186EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/26 11:58 p.m.5 views

EUVD-2026-25743

An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When interacting with variou...

9.3CVSS5.5AI score0.00186EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/10/21 9:29 p.m.13 views

CVE-2018-25118

GeoVision embedded IP devices, confirmed on GV-BX1500 and GV-MFD1501, contain a remote command injection vulnerability via /PictureCatch.cgi that enables an attacker to execute arbitrary commands on the device. The vulnerable models have been declared end-of-life EOL by the vendor. VulnCheck has...

10CVSS8.4AI score0.01318EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/21 12:30 a.m.7 views

EUVD-2018-21605

GeoVision embedded IP devices, confirmed on GV-BX1500 and GV-MFD1501, contain a remote command injection vulnerability via /PictureCatch.cgi that enables an attacker to execute arbitrary commands on the device. VulnCheck has observed this vulnerability being exploited in the wild as of 2025-10-19...

9.3CVSS7.8AI score0.01318EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/10/20 9:14 p.m.2 views

CVE-2018-25118 GeoVision Command Injection RCE via /PictureCatch.cgi

GeoVision embedded IP devices, confirmed on GV-BX1500 and GV-MFD1501, contain a remote command injection vulnerability via /PictureCatch.cgi that enables an attacker to execute arbitrary commands on the device. The vulnerable models have been declared end-of-life EOL by the vendor. VulnCheck has...

10CVSS8AI score0.01318EPSS
Exploits0References5
Rows per page
Query Builder