CVE-2026-42367

MEDIUM EPSS 18.7%

Published May 4, 20261mo ago · Modified Jun 17, 20261w ago

6.5 CVSS 3.1

Medium

Published May 4, 2026 1mo ago

Last Modified Jun 17, 2026 1w ago

Description

A privilege escalation vulnerability exists in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to credentials leak. An attacker can visit a webpage to trigger this vulnerability.

CVSS Details

Base Score

6.5

Exploitability

2.8

Impact

3.6

Vector string

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector Network

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope Unchanged

Confidentiality High

Integrity None

Availability None

Threat Intelligence

EPSS Exploit Probability

18.7% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-522

Affected Products 4

Vendor	Product	Version	Range
geovision	gv-lpc2011_firmware	1.10	any
geovision	gv-lpc2011	*	any
geovision	gv-lpc2211_firmware	1.10	any
geovision	gv-lpc2211	*	any

References 3

talosintelligence.com https://talosintelligence.com/vulnerability_reports/

Third Party Advisory
geovision.com.tw https://www.geovision.com.tw/cyber_security.php

Vendor Advisory
talosintelligence.com https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2328

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.