CVE-2026-42368

CRITICAL EPSS 26.7%

Published May 4, 20261mo ago · Modified Jun 17, 20261w ago

9.9 CVSS 3.1

Critical

Published May 4, 2026 1mo ago

Last Modified Jun 17, 2026 1w ago

Description

A privilege escalation vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to execute priviledged operation. An attacker can visit a webpage to trigger this vulnerability.

CVSS Details

Base Score

9.9

Exploitability

3.1

Impact

6.0

Vector string

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector Network

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope Changed

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

26.7% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-266

Affected Products 4

Vendor	Product	Version	Range
geovision	gv-lpc2011_firmware	1.10	any
geovision	gv-lpc2011	*	any
geovision	gv-lpc2211_firmware	1.10	any
geovision	gv-lpc2211	*	any

References 3

https https://https://talosintelligence.com/vulnerability_reports/

Broken Link
geovision.com.tw https://www.geovision.com.tw/cyber_security.php

Vendor Advisory
talosintelligence.com https://www.talosintelligence.com/vulnerability_reports/TALOS-2026-2329

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.