Shodan
Vulnerabilities
Vulnerable Software
Geovision:  >> Gv-Lpc2011 Firmware  >> 1.10  Security Vulnerabilities
CVE-2026-42368
A privilege escalation vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to execute priviledged operation. An attacker can visit a webpage to trigger this vulnerability.
CVSS Score
9.9
EPSS Score
0.0
Published
2026-05-04
CVE-2026-7371
Multiple reflected cross-site scripting (xss) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. Reflected XXS via the error message for requesting non-existing page.
CVSS Score
7.4
EPSS Score
0.0
Published
2026-05-04
CVE-2026-42364
An os command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An attacker can modify a configuration value to trigger this vulnerability.
CVSS Score
9.9
EPSS Score
0.001
Published
2026-05-04
CVE-2026-42365
A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted series of HTTP requests can lead to an authentication bypas. An attacker can bruteforce session cookies to trigger this vulnerability.
CVSS Score
8.6
EPSS Score
0.001
Published
2026-05-04
CVE-2026-42366
Multiple reflected cross-site scripting (xss) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
CVSS Score
7.4
EPSS Score
0.0
Published
2026-05-04
CVE-2026-42367
A privilege escalation vulnerability exists in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to credentials leak. An attacker can visit a webpage to trigger this vulnerability.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-05-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved