GCVE - cpe:2.3:a:geovision_inc.:gv-lpc2011/lpc2211:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:geovision_inc.:gv-lpc2011/lpc2211:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Geovision Inc. (`1f9b8475-73fe-5d5d-9d88-a1e8ba8ee9f7`)
Product	Gv Lpc2011/Lpc2211 (`84f4fa12-905c-5ef0-94ea-8bcd7dbbf388`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-7371`	vulnerable	2026-06-08 08:08:57.125100	GeoVision LPC2011/LPC2211 Web Interface / ssi.cgi reflected cross-site scripting (XSS) vulnerabilities HIGH (7.4) Multiple reflected cross-site scripting (xss) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. Reflected XXS via the error message for requesting non-existing page. Published: 2026-05-04T00:43:05.061Z Updated: 2026-05-04T13:43:31.083Z Open on db.gcve.eu Reference links https://www.geovision.com.tw/cyber_security.php https://talosintelligence.com/vulnerability_reports/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-42368`	vulnerable	2026-06-08 08:03:16.229451	GeoVision LPC2011/LPC2211 Web Interface privilege escalation vulnerability CRITICAL (9.9) A privilege escalation vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to execute priviledged operation. An attacker can visit a webpage to trigger this vulnerability. Published: 2026-05-04T00:45:53.668Z Updated: 2026-06-15T19:19:05.815Z Open on db.gcve.eu Reference links https://www.geovision.com.tw/cyber_security.php https://https://talosintelligence.com/vulnerability_reports/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-42367`	vulnerable	2026-06-08 08:03:16.228474	GeoVision LPC2011/LPC2211 Web Interface / ssi.cgi privilege escalation vulnerability via leak of Administrator credentials MEDIUM (6.5) A privilege escalation vulnerability exists in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to credentials leak. An attacker can visit a webpage to trigger this vulnerability. Published: 2026-05-04T00:43:37.647Z Updated: 2026-06-15T19:19:04.750Z Open on db.gcve.eu Reference links https://www.geovision.com.tw/cyber_security.php https://talosintelligence.com/vulnerability_reports/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-42366`	vulnerable	2026-06-08 08:03:16.224541	GeoVision LPC2011/LPC2211 Web Interface / ssi.cgi reflected cross-site scripting (XSS) vulnerabilities HIGH (7.4) Multiple reflected cross-site scripting (xss) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. Published: 2026-05-04T00:42:39.182Z Updated: 2026-05-04T12:59:22.360Z Open on db.gcve.eu Reference links https://www.geovision.com.tw/cyber_security.php https://talosintelligence.com/vulnerability_reports/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-42365`	vulnerable	2026-06-08 08:03:16.223536	GeoVision LPC2011/LPC2211 Web Interface guessable session cookie vulnerability HIGH (8.6) A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted series of HTTP requests can lead to an authentication bypas. An attacker can bruteforce session cookies to trigger this vulnerability. Published: 2026-05-04T00:42:08.487Z Updated: 2026-06-15T19:19:03.663Z Open on db.gcve.eu Reference links https://www.geovision.com.tw/cyber_security.php https://talosintelligence.com/vulnerability_reports/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2026-42364`	vulnerable	2026-06-08 08:03:16.217844	GeoVision LPC2011/LPC2211 Web Interface / DdnsSetting.cgi OS command injection vulnerability CRITICAL (9.9) An os command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An attacker can modify a configuration value to trigger this vulnerability. Published: 2026-05-04T00:41:33.908Z Updated: 2026-06-15T19:19:02.555Z Open on db.gcve.eu Reference links https://www.geovision.com.tw/cyber_security.php https://talosintelligence.com/vulnerability_reports/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.