CVE-2026-42364
CriticalCVSS 9.9Exploitation Probability (EPSS)
Elevated risk73th percentile — higher than 73% of all known CVEs
Summary
There is an os command injection vulnerability in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 version 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution.
Risk Assessment
An attacker can modify a configuration value, creating a risk of unauthorized access and execution of malicious code. This could lead to serious security implications for the organization.
Recommendation
It is recommended to update the software to the latest version to mitigate this vulnerability. Additionally, access to the DDNS configuration functionality should be monitored and restricted.
Original NVD description (English source)
An os command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An attacker can modify a configuration value to trigger this vulnerability.

