CVE-2026-57878 PUBLISHED

GV-LPC2011/LPC2211 - unauthorized buffer overflow vulnerability (thttpd)

Assigner: GV
Reserved: 26.06.2026 Published: 26.06.2026 Updated: 26.06.2026

An unauthenticated stack-based buffer overflow vulnerability exists in thttpd in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing web request parameters in a specific request path. A remote attacker may exploit this vulnerability by sending a crafted HTTP request with overly long input, resulting in memory corruption, denial of service, or potentially arbitrary code execution.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 9.8

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	GeoVision Inc.
Product	GV-LPCLPC2011/2211
Versions	Default: unaffected Version 1.12 is affected Version 1.13 is unaffected

Credits

Jincheng Wang (@winmt), Professor Le Yu of Nanjing University of Posts and Telecommunications, and Professor Xiapu Luo of The Hong Kong Polytechnic University has reported: finder

References

https://www.geovision.com.tw/cyber_security.php

Problem Types

CWE-121 Stack-based buffer overflow CWE

Impacts

CAPEC-100 Overflow Buffers