CVSS 9.9 · CRITICAL

CVE-2026-42364

An OS command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An attacker can modify a configuration value to trigger this vulnerability.

Analysis

This vulnerability affects the firmware of GeoVision license plate recognition cameras, allowing for arbitrary command execution. While the severity is critical, the product is specialized security hardware and is not relevant to the general-purpose software development or infrastructure stack of the community.

Severity

Score: 9.9 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: LOW
UI: NONE
S: CHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness type (CWE): CWE-78

EPSS

Exploitation probability (next 30 days): 0.0011 (0.1%)
Percentile: 28.7%
EPSS: 2026-05-06

Affects

geovision:gv-lpc2011_firmware
geovision:gv-lpc2011
geovision:gv-lpc2211_firmware
geovision:gv-lpc2211

Technical description

An OS command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An attacker can modify a configuration value to trigger this vulnerability.

Published: 4/5/2026, 1:16:03
Last modified: 5/5/2026, 2:45:23
