Skip to content
CVSS 8.6 · HIGH

CVE-2026-42365

A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted series of HTTP requests can lead to an authentication bypas. An attacker can bruteforce session cookies to trigger this vulnerability.

Ver en NVD

Análisis

This CVE affects specific GeoVision license plate recognition camera firmware. It is niche hardware for physical surveillance and does not impact the software development stacks, Linux servers, or common SaaS tools targeted by this community.

Severidad

Puntaje: 8.6(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: CHANGED
C: HIGH
I: NONE
A: NONE
Tipo de falla (CWE): CWE-341

EPSS

Probabilidad de explotación (próx. 30 días): 0.0006 (0.1%)
Percentil: 19.5%
EPSS: 2026-05-06

Afecta

geovision:gv-lpc2011_firmwaregeovision:gv-lpc2011geovision:gv-lpc2211_firmwaregeovision:gv-lpc2211

Descripción técnica

A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted series of HTTP requests can lead to an authentication bypas. An attacker can bruteforce session cookies to trigger this vulnerability.

Publicada: 4/5/2026, 1:16:03
Última modificación: 5/5/2026, 2:44:42

Referencias

InicioEventosBlogRecursosEquipo