CVE-2026-57876
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk23th percentile — higher than 23% of all known CVEs
Summary
In GeoVision GV-LPC2011 and GV-LPC2211 devices version V1.12 and earlier, an out-of-bounds write vulnerability exists in onvif.cgi. Insufficient bounds checking when processing HTTP request body data allows an unauthenticated remote attacker to cause memory corruption and denial of service (DoS) by sending a crafted request with excessive input.
Risk Assessment
An attacker can remotely crash the device, disrupting the video surveillance system and potentially causing loss of recordings.
Recommendation
Immediately update the firmware of GeoVision GV-LPC2011 and GV-LPC2211 devices to a version newer than V1.12 if a patch is available. Until the update, restrict access to the onvif.cgi interface to trusted networks only.
Original NVD description (English source)
An unauthenticated out-of-bounds write vulnerability exists in onvif.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing HTTP request body data. A remote attacker may exploit this vulnerability by sending a crafted request with excessive input, causing memory corruption and resulting in a denial of service.

