Description
An unauthenticated stack-based buffer overflow vulnerability exists in ssvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when parsing RTSP Digest authentication fields. A remote attacker may exploit this vulnerability by sending a crafted RTSP request containing overly long authentication data, resulting in memory corruption, denial of service, or potentially arbitrary code execution.
Published: 2026-06-26
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a stack‑based buffer overflow located in the ssvr component of GeoVision GV‑LPC2011 and GV‑LPC2211 firmware versions 1.12 and earlier. It arises from insufficient bounds checking while parsing the RTSP Digest authentication fields. A remote attacker can send a specially crafted RTSP request containing excessively long authentication data, causing memory corruption that can lead to a denial of service or, in the worst case, arbitrary code execution on the device. The CVSS score of 9.8 reflects the critical severity of the issue.
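
The bounds check this bug class calls for, as an added example that is not GeoVision's code: a Digest parameter extractor that rejects any value too long for the destination buffer instead of copying it. The function name, the 64-byte limit and the sample header are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define DIGEST_USER_MAX 64 /* assumed limit for this example, not a vendor value */

/* Copy the quoted value of parameter `name` from a Digest Authorization
 * header into out[outsz]. Returns the value length, -1 if the parameter is
 * missing or malformed, -2 if the value does not fit. Simplification:
 * backslash-escaped quotes inside the value are not supported. */
int digest_get_field(const char *hdr, const char *name, char *out, size_t outsz)
{
    size_t nlen = strlen(name);
    const char *p = hdr;

    if (outsz == 0 || nlen == 0)
        return -1;
    out[0] = '\0';
    while ((p = strstr(p, name)) != NULL) {
        /* Match whole parameter names only, so "nonce" skips "cnonce". */
        int boundary = (p == hdr) || p[-1] == ' ' || p[-1] == ',' || p[-1] == '\t';
        if (boundary && p[nlen] == '=' && p[nlen + 1] == '"')
            break;
        p += nlen;
    }
    if (p == NULL)
        return -1;
    const char *val = p + nlen + 2;
    const char *end = strchr(val, '"');
    if (end == NULL)
        return -1;                 /* unterminated quoted string */
    size_t vlen = (size_t)(end - val);
    if (vlen >= outsz)
        return -2;                 /* reject: never truncate or write past out */
    memcpy(out, val, vlen);
    out[vlen] = '\0';
    return (int)vlen;
}

int main(void)
{
    /* Constructed sample header, not captured traffic. */
    const char *hdr = "Digest username=\"admin\", realm=\"cam\", nonce=\"abc\"";
    char user[DIGEST_USER_MAX];
    int n = digest_get_field(hdr, "username", user, sizeof user);
    printf("username length %d: %s\n", n, n >= 0 ? user : "(rejected)");
    return 0;
}
```

A caller should treat the -2 result as a failed authentication and log the request, which also gives operators a signal for the oversized-field traffic described above.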

Affected Systems

Affected devices are GeoVision Inc.’s GV‑LPC2011 and GV‑LPC2211 cameras running firmware 1.12 or earlier. Firmware 1.13 and newer versions contain the fix and are not impacted.

Risk and Exploitability

The CVSS score of 9.8 indicates high risk, and the vulnerability can be exploited from any external network location that can reach the RTSP service. No authentication is required to trigger the overflow. The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog. An attacker who successfully exploits the buffer overflow could achieve remote code execution, leading to full system compromise. The lack of access restrictions means that any host with network visibility to the RTSP endpoint is a potential target.

Generated by OpenCVE AI on June 26, 2026 at 09:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade firmware to 1.13 or newer.
  • Restrict RTSP access to trusted IP addresses or disable RTSP service if an update is not available.
  • Continuously monitor device logs for anomalous RTSP traffic and maintain an up‑to‑date inventory of installed firmware versions.


Advisories

No advisories yet.

History

Fri, 26 Jun 2026 07:45:00 +0000

Type | Values Removed | Values Added
Description | | An unauthenticated stack-based buffer overflow vulnerability exists in ssvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when parsing RTSP Digest authentication fields. A remote attacker may exploit this vulnerability by sending a crafted RTSP request containing overly long authentication data, resulting in memory corruption, denial of service, or potentially arbitrary code execution.
Title | | GV-LPC2011/LPC2211 - unauthorized buffer overflow via RTSP Digest username (ssvr)
First Time appeared | | Geovision Inc.; Geovision Inc. gv-lpclpc2011 2211
Weaknesses | | CWE-121
CPEs | | cpe:2.3:a:geovision_inc.:gv-lpclpc2011_2211:1.12:*:linux:*:*:*:*:*; cpe:2.3:a:geovision_inc.:gv-lpclpc2011_2211:1.13:*:linux:*:*:*:*:*
Vendors & Products | | Geovision Inc.; Geovision Inc. gv-lpclpc2011 2211
References | |
Metrics | | cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: GV

Published:

Updated: 2026-06-26T17:11:55.551Z

Reserved: 2026-06-26T02:40:42.398Z

Link: CVE-2026-57880

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-26T09:30:16Z

Weaknesses
  • CWE-121: Stack-based Buffer Overflow