CVE-2026-57881 PUBLISHED

GV-LPC2011/LPC2211 - unauthorized stack-based buffer overflow vulnerability (vlsvr)

Assigner: GV
Reserved: 26.06.2026 Published: 26.06.2026 Updated: 26.06.2026

An unauthenticated stack-based buffer overflow vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient length validation when processing remote login data. A remote attacker may exploit this vulnerability by sending crafted login data with overly long input, resulting in memory corruption, denial of service, or potentially arbitrary code execution.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 9.8

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	GeoVision Inc.
Product	GV-LPCLPC2011/2211
Versions	Default: unaffected Version 1.12 is affected Version 1.13 is unaffected

Credits

Jincheng Wang (@winmt), Professor Le Yu of Nanjing University of Posts and Telecommunications, and Professor Xiapu Luo of The Hong Kong Polytechnic University has reported: finder

References

https://www.geovision.com.tw/cyber_security.php

Problem Types

CWE-121 Stack-based buffer overflow CWE

Impacts

CAPEC-100 Overflow Buffers