CVE Catalog

CVE-2026-57874

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.32%

24th percentile — higher than 24% of all known CVEs

Summary

A buffer overflow vulnerability exists in IEEE8021x_upload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier due to insufficient bounds checking when parsing filename values in multipart upload data. An unauthenticated remote attacker may exploit this by sending a crafted upload request with overly long input, causing memory corruption and denial of service.

Risk Assessment

The risk is that an unauthenticated remote attacker can cause a denial of service, potentially disrupting video surveillance systems and other services relying on these cameras.

Recommendation

Immediately update the firmware to a version newer than V1.12 if available. If not possible, restrict access to the device management interface to trusted networks only.

Original NVD description (English source)

An unauthenticated buffer overflow vulnerability exists in IEEE8021x_upload.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when parsing filename values in multipart upload data. A remote attacker may exploit this vulnerability by sending a crafted upload request with overly long input, causing memory corruption and resulting in a denial of service.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS