HarborGuardharborguardDatabase
Back to search
CRITICALCVE-2026-57880Published Modified CNA GV

CVE-2026-57880: GV-LPC2011/LPC2211 - unauthorized buffer overflow via RTSP Digest username (ssvr)

An unauthenticated stack-based buffer overflow vulnerability exists in ssvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when parsing RTSP Digest authentication fields. A remote attacker may exploit this vulnerability by sending a crafted RTSP request containing overly long authentication data, resulting in memory corruption, denial of service, or potentially arbitrary code execution.

Metrics

CVSS v3.1
9.8
Severity
CRITICAL
Fixed in
1.13
Affected Products
1

Get notified

Email me when this CVE is updated: new fix versions, severity changes, or any record change.

HarborGuard Analysis

Synopsis

A stack-based buffer overflow exists in the ssvr component of GeoVision GV-LPC2011 and GV-LPC2211 firmware versions 1.12 and earlier. The flaw is triggered when the device parses the username field in an RTSP Digest authentication request, and no credentials are required to reach it over the network. Successful exploitation can corrupt memory and give an attacker full control of the device, including arbitrary code execution. A patched-image rebuild at firmware version 1.13 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection

Detection of CVE-2026-57880 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of ingestion from upstream advisory feeds, including custom-built images derived from GeoVision firmware layers. Coverage applies to both registry scans and inline pipeline checks.

Available
Triage

HarborGuard scores this CVE at CVSS 9.8 (Critical) and applies per-environment compliance policy weighting to determine priority routing. Triage findings are surfaced to the appropriate team inbox within each customer organization based on configured ownership rules.

Available
Patch

A patched-image rebuild targeting firmware version 1.13 is available on HarborGuard for any environment where an affected image is detected. For customers with auto-remediation enabled, HarborGuard triggers a rebuild, runs a regression test suite, and opens a pull request against affected workloads automatically.

Available

Exploit Conditions

  • Network reachabilityRequired

    The attacker must be able to reach the device's RTSP service over the network; no prior foothold on the host is needed.

  • AuthenticationNot required

    No credentials of any kind are needed; the vulnerable code path is hit before any authentication check completes.

  • Victim interactionNot required

    The attacker sends a single crafted RTSP request with no action required from any user on the target system.

  • Attack complexityDetail

    Exploitation is reliable and condition-free; no race conditions, specific memory layout, or environmental prerequisites are required.

Blast Radius

  • An attacker gains the ability to execute arbitrary code in the context of the ssvr process, with whatever privileges that process holds on the device.
  • Memory corruption from the overflow can crash the ssvr service, taking RTSP streaming and associated device functions offline.
  • A successful code-execution payload grants read access to files and credentials stored on the device, including any configured network or access-control data.
  • An attacker with code execution can modify device configuration, disable logging, or pivot to adjacent network segments the device is connected to.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-57880 activates as soon as the advisory is ingested, matching any image built on GeoVision GV-LPC2011 or GV-LPC2211 firmware 1.12 or earlier. For customers with auto-remediation enabled, HarborGuard initiates a rebuild against firmware version 1.13, runs a regression test pass, and opens a pull request against affected workloads. The median time from CVE publication to merged patch PR for critical-severity issues is around 90 minutes for environments with auto-remediation enabled. Where compliance policy requires manual approval before remediation, HarborGuard queues the rebuild and surfaces the pending action in the team's triage inbox for sign-off. Given the unauthenticated network-reachable nature of this flaw, customers who cannot immediately apply the 1.13 rebuild are advised to use network policy to restrict access to the RTSP port (typically TCP 554) to known-trusted source addresses only, as a compensating control until the patched image is deployed.

See how HarborGuard automates this

Fix available

1.13
Affected packages
  • GeoVision Inc. / GV-LPCLPC2011/2211
    1.12
    Fixed in 1.13
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References