CVE-2026-42368 PUBLISHED

GeoVision LPC2011/LPC2211 Web Interface privilege escalation vulnerability

Assigner: GV
Reserved: 26.04.2026 Published: 04.05.2026 Updated: 04.05.2026

A privilege escalation vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to execute priviledged operation. An attacker can visit a webpage to trigger this vulnerability.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS Score: 9.9

Attack Vector	Network	Scope	Changed
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	Low	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	GeoVision Inc.
Product	GV-LPC2011/LPC2211
Versions	Default: unaffected Version 1.10 is affected Version 1.2 is unaffected

Solutions

GeoVision GV-LPC2011/LPC2211 V1.12-260330 has patched the reported vulnerability.

The user may visit the GeoVision website or contact the GeoVision Support team for firmware update.

Credits

Philippe Laulheret of Cisco Talos. finder
Kelly Patterson of Cisco Talos. remediation reviewer
Martin Zeiser of Cisco Talos. coordinator

References

Problem Types

CWE-266 Incorrect privilege assignment CWE

Impacts

CAPEC-233 Privilege Escalation