CVE-2026-42368

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2026-42368
A privilege escalation vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to execute priviledged operation. An attacker can visit a webpage to trigger this vulnerability.

9.9 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.1 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://https://talosintelligence.com/vulnerability_reports/ Broken Link
https://www.geovision.com.tw/cyber_security.php Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:geovision:gv-lpc2011_firmware:1.10:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-lpc2011:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:geovision:gv-lpc2211_firmware:1.10:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-lpc2211:-:*:*:*:*:*:*:*
History

05 May 2026, 02:43

Type Values Removed Values Added
First Time Geovision
Geovision gv-lpc2211
Geovision gv-lpc2011
Geovision gv-lpc2211 Firmware
Geovision gv-lpc2011 Firmware
References () https://https://talosintelligence.com/vulnerability_reports/ - () https://https://talosintelligence.com/vulnerability_reports/ - Broken Link
References () https://www.geovision.com.tw/cyber_security.php - () https://www.geovision.com.tw/cyber_security.php - Vendor Advisory
CPE cpe:2.3:o:geovision:gv-lpc2011_firmware:1.10:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-lpc2011:-:*:*:*:*:*:*:*
cpe:2.3:o:geovision:gv-lpc2211_firmware:1.10:*:*:*:*:*:*:*
cpe:2.3:h:geovision:gv-lpc2211:-:*:*:*:*:*:*:*

04 May 2026, 01:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-05-04 01:16

Updated : 2026-05-05 02:43

NVD link : CVE-2026-42368

Mitre link : CVE-2026-42368

CVE.ORG link : CVE-2026-42368

JSON object : View

Products Affected

geovision

  • gv-lpc2011
  • gv-lpc2211
  • gv-lpc2211_firmware
  • gv-lpc2011_firmware
CWE
CWE-266

Incorrect Privilege Assignment