CVE-2026-57872
HighCVSS 7.5Exploitation Probability (EPSS)
Elevated risk57th percentile — higher than 57% of all known CVEs
Summary
An unauthenticated directory traversal vulnerability exists in get_fcont.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient validation of user-supplied file path input before the requested file is accessed by the CGI component. A remote attacker may exploit this vulnerability by sending a crafted request to read arbitrary files accessible to the affected process, resulting in information disclosure.
Risk Assessment
The risk involves unauthorized reading of sensitive system files such as configurations, passwords, or login data, which could enable further attack escalation.
Recommendation
It is recommended to immediately update the firmware to a version later than V1.12, and if not available, restrict access to the CGI interface to trusted networks only or use a firewall to block unauthorized requests.
Original NVD description (English source)
An unauthenticated directory traversal vulnerability exists in get_fcont.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient validation of user-supplied file path input before the requested file is accessed by the CGI component. A remote attacker may exploit this vulnerability by sending a crafted request to read arbitrary files accessible to the affected process, resulting in information disclosure.

