CVE Catalog

CVE-2026-57878

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.53%

41th percentile — higher than 41% of all known CVEs

Summary

An unauthenticated stack-based buffer overflow vulnerability exists in thttpd in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing web request parameters in a specific request path. A remote attacker may exploit this vulnerability by sending a crafted HTTP request with overly long input, resulting in memory corruption, denial of service, or potentially arbitrary code execution.

Risk Assessment

The risk includes the possibility of remote code execution by an unauthenticated attacker, which could lead to full device compromise, as well as denial of service (DoS).

Recommendation

It is recommended to immediately update the firmware of GeoVision GV-LPC2011 and GV-LPC2211 devices to a version later than V1.12. If an update is not available, restrict HTTP interface access to trusted networks only.

Original NVD description (English source)

An unauthenticated stack-based buffer overflow vulnerability exists in thttpd in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing web request parameters in a specific request path. A remote attacker may exploit this vulnerability by sending a crafted HTTP request with overly long input, resulting in memory corruption, denial of service, or potentially arbitrary code execution.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS