Description
An unauthenticated
stack-based buffer overflow vulnerability exists in ssvr in GeoVision
GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by
insufficient bounds checking when processing RTSP custom authentication data. A
remote attacker may exploit this vulnerability by sending a crafted RTSP
request, resulting in memory corruption, denial of service, or potentially
arbitrary code execution.
Published: 2026-06-26
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An unauthenticated stack‑based buffer overflow exists in the GeoVision ssvr component of GV‑LPC2011 and GV‑LPC2211 firmware versions 1.12 and older. The issue arises from inadequate bounds checking when processing RTSP custom authentication data, allowing a remote attacker to send a crafted RTSP request that corrupts memory. This can lead to a denial of service and, if successfully exploited, arbitrary code execution.

Affected Systems

GeoVision Inc.’s GV‑LPC2011 and GV‑LPC2211 products running firmware 1.12 or earlier on Linux are affected. The vulnerability is tied to the ssvr protocol handler that listens for RTSP connections.

Risk and Exploitability

The CVSS score of 9.8 classifies this as Critical. No EPSS score is available, so the exact exploitation probability is unknown, yet the vulnerability is remote and directly exploitable via standard RTSP ports. The lack of a public exploit does not reduce the potential risk, and it is not listed in the CISA KEV catalog, which means defensive measures should be applied promptly.

Generated by OpenCVE AI on June 26, 2026 at 08:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade GeoVision firmware to version 1.13 or later, which contains the ssvr buffer overflow fix.
  • Configure firewall or network segmentation to block any untrusted RTSP traffic to the affected devices.
  • Run the ssvr service with the least privileges necessary and isolate it using a dedicated network namespace or container.
  • Monitor ssvr logs and network traffic for abnormal RTSP to detect potential overflow attempts.

Generated by OpenCVE AI on June 26, 2026 at 08:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 26 Jun 2026 07:45:00 +0000

Type Values Removed Values Added
Description An unauthenticated stack-based buffer overflow vulnerability exists in ssvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing RTSP custom authentication data. A remote attacker may exploit this vulnerability by sending a crafted RTSP request, resulting in memory corruption, denial of service, or potentially arbitrary code execution.
Title GV-LPC2011/LPC2211 - unauthorized buffer overflow via AuthMode/AuthValue path (ssvr)
First Time appeared Geovision Inc.
Geovision Inc. gv-lpclpc2011 2211
Weaknesses CWE-121
CPEs cpe:2.3:a:geovision_inc.:gv-lpclpc2011_2211:1.12:*:linux:*:*:*:*:*
cpe:2.3:a:geovision_inc.:gv-lpclpc2011_2211:1.13:*:linux:*:*:*:*:*
Vendors & Products Geovision Inc.
Geovision Inc. gv-lpclpc2011 2211
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Geovision Inc. Gv-lpclpc2011 2211
cve-icon MITRE

Status: PUBLISHED

Assigner: GV

Published:

Updated: 2026-06-26T15:57:42.515Z

Reserved: 2026-06-26T02:40:42.398Z

Link: CVE-2026-57879

cve-icon Vulnrichment

Updated: 2026-06-26T15:57:35.610Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T08:30:04Z

Weaknesses
  • CWE-121

    Stack-based Buffer Overflow