Home

Description

An unauthenticated stack-based buffer overflow vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient length validation when processing remote login data. A remote attacker may exploit this vulnerability by sending crafted login data with overly long input, resulting in memory corruption, denial of service, or potentially arbitrary code execution.

PUBLISHED Reserved 2026-06-26 | Published 2026-06-26 | Updated 2026-06-26 | Assigner GV




CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-121 Stack-based buffer overflow

Product status

Default status
unaffected

1.12
affected

1.13
unaffected

Timeline

2026-06-17:Finder reports vulnerability to vendor

Credits

Jincheng Wang (@winmt), Professor Le Yu of Nanjing University of Posts and Telecommunications, and Professor Xiapu Luo of The Hong Kong Polytechnic University has reported: finder

References

www.geovision.com.tw/cyber_security.php

cve.org (CVE-2026-57881)

nvd.nist.gov (CVE-2026-57881)

Download JSON