Description
An unauthenticated stack-based buffer overflow vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient length validation when processing remote login data. A remote attacker may exploit this vulnerability by sending crafted login data with overly long input, resulting in memory corruption, denial of service, or potentially arbitrary code execution.
Published: 2026-06-26
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An unauthenticated stack‑based buffer overflow exists in the vlsvr component of GeoVision GV‑LPC2011 and GV‑LPC2211. The flaw results from insufficient length validation when processing remote login data, which allows an attacker to send crafted login packets that overflow the stack, corrupt memory, and potentially cause denial of service or arbitrary code execution. The vulnerability is a classic buffer overflow (CWE‑121) that could compromise confidentiality, integrity, and availability of the affected device.

Affected Systems

The affected products are GeoVision Inc.’s GV‑LPC2011 and GV‑LPC2211, versions 1.12 and all earlier releases. These versions are deployed on Linux‑based devices that expose a remote login interface. Versions 1.13 and later are not listed as vulnerable.

Risk and Exploitability

The CVSS score of 9.8 indicates a critical severity. With no EPSS data available, the exploitation probability cannot be quantified, and the vulnerability is not listed in CISA’s KEV catalog. The attack vector is inferred to be remote: an unauthenticated attacker can exploit the flaw by transmitting an oversized login packet to the device over the network, triggering the stack overflow and resulting in denial of service or code execution.

Generated by OpenCVE AI on June 26, 2026 at 08:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑issued patch that fixes the buffer overflow in vlsvr for GV‑LPC2011 and GV‑LPC2211, version 1.12 and earlier.
  • Upgrade the device firmware to version 1.13 or later, which is reported to remove the flaw.
  • If upgrade or patching is not immediately possible, disable remote login services or restrict access to the login interface with firewall rules to block malicious traffic.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 16:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Fri, 26 Jun 2026 07:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | An unauthenticated stack-based buffer overflow vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient length validation when processing remote login data. A remote attacker may exploit this vulnerability by sending crafted login data with overly long input, resulting in memory corruption, denial of service, or potentially arbitrary code execution. |
| Title | | GV-LPC2011/LPC2211 - unauthorized stack-based buffer overflow vulnerability (vlsvr) |
| First Time appeared | | Geovision Inc.; Geovision Inc. gv-lpclpc2011 2211 |
| Weaknesses | | CWE-121 |
| CPEs | | cpe:2.3:a:geovision_inc.:gv-lpclpc2011_2211:1.12:*:linux:*:*:*:*:*; cpe:2.3:a:geovision_inc.:gv-lpclpc2011_2211:1.13:*:linux:*:*:*:*:* |
| Vendors & Products | | Geovision Inc.; Geovision Inc. gv-lpclpc2011 2211 |
| References | | |
| Metrics | | cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'} |


MITRE

Status: PUBLISHED

Assigner: GV

Published:

Updated: 2026-06-26T16:08:37.099Z

Reserved: 2026-06-26T02:40:42.398Z

Link: CVE-2026-57881

Vulnrichment

Updated: 2026-06-26T16:07:16.644Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-26T08:30:04Z

Weaknesses
  • CWE-121: Stack-based Buffer Overflow