CVE Catalog

CVE-2026-42364

CriticalCVSS 9.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
1.61%

73th percentile — higher than 73% of all known CVEs

Summary

There is an os command injection vulnerability in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 version 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution.

Risk Assessment

An attacker can modify a configuration value, creating a risk of unauthorized access and execution of malicious code. This could lead to serious security implications for the organization.

Recommendation

It is recommended to update the software to the latest version to mitigate this vulnerability. Additionally, access to the DDNS configuration functionality should be monitored and restricted.

Original NVD description (English source)

An os command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An attacker can modify a configuration value to trigger this vulnerability.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS