Description
A privilege escalation vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to the execution of a privileged operation. An attacker can visit a webpage to trigger this vulnerability.
Published: 2026-05-04
Score: 9.9 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A specially crafted HTTP request to the web interface of GeoVision LPC2011/LPC2211 1.10 can trigger privileged operations. Exploitation elevates an attacker’s privileges, potentially granting full control over the device. The weakness is classified as CWE-266 (Incorrect Privilege Assignment), indicating a flaw in authorization controls.

Affected Systems

The affected devices are GeoVision Inc.'s GV-LPC2011/LPC2211 series, specifically firmware versions 1.10 and potentially earlier releases such as 1.2. The vulnerability is documented for the 1.10 build, and earlier builds may share the same code path. All models running those firmware versions are impacted.

Risk and Exploitability

The CVSS score is 9.9, signifying critical risk. No EPSS score is available, so there is not yet an estimate of how likely exploitation is. The vulnerability is not listed in CISA’s KEV catalog, but the high severity indicates it could be used in targeted attacks. The CVSS vector (AV:N/AC:L/PR:L/UI:N/S:C) describes a network-reachable, low-complexity attack that requires low privileges and no user interaction, with impact extending beyond the vulnerable component. The likely attack vector is remote HTTP access to the web interface, and a forged request from a neighboring or compromised network could trigger the exploit.

Generated by OpenCVE AI on May 4, 2026 at 02:21 UTC.

Remediation

Vendor Solution

GeoVision GV-LPC2011/LPC2211 V1.12-260330 has patched the reported vulnerability. The user may visit the GeoVision website or contact the GeoVision Support team for the firmware update.


OpenCVE Recommended Actions

  • Update the device firmware to GV-LPC2011/LPC2211 V1.12-260330 or later, which contains the patch for the privilege escalation flaw.
  • If possible, restrict external access to the web interface or place the device behind a firewall to limit exposure.
  • Monitor web interface logs for malformed or unexpected HTTP requests that may indicate attempted exploitation.


Advisories

No advisories yet.

History

Mon, 04 May 2026 01:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A privilege escalation vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to the execution of a privileged operation. An attacker can visit a webpage to trigger this vulnerability. |
| Title | | GeoVision LPC2011/LPC2211 Web Interface privilege escalation vulnerability |
| First Time appeared | | Geovision Inc.; Geovision Inc. gv-lpc2011 Lpc2211 |
| Weaknesses | | CWE-266 |
| CPEs | | `cpe:2.3:a:geovision_inc.:gv-lpc2011_lpc2211:1.10:*:linux:*:*:*:*:*`; `cpe:2.3:a:geovision_inc.:gv-lpc2011_lpc2211:1.2:*:linux:*:*:*:*:*` |
| Vendors & Products | | Geovision Inc.; Geovision Inc. gv-lpc2011 Lpc2211 |
| References | | |
| Metrics | | cvssV3_1: `{'score': 9.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}` |


MITRE

Status: PUBLISHED

Assigner: GV

Published:

Updated: 2026-05-04T00:45:53.668Z

Reserved: 2026-04-26T23:39:08.350Z

Link: CVE-2026-42368

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-04T01:16:04.020

Modified: 2026-05-04T01:16:04.020

Link: CVE-2026-42368

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-04T02:30:34Z

Weaknesses