HarborGuardharborguardDatabase
Back to search
CRITICALCVE-2026-57881Published Modified CNA GV

CVE-2026-57881: GV-LPC2011/LPC2211 - unauthorized stack-based buffer overflow vulnerability (vlsvr)

An unauthenticated stack-based buffer overflow vulnerability exists in vlsvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient length validation when processing remote login data. A remote attacker may exploit this vulnerability by sending crafted login data with overly long input, resulting in memory corruption, denial of service, or potentially arbitrary code execution.

Metrics

CVSS v3.1
9.8
Severity
CRITICAL
Fixed in
1.13
Affected Products
1

Get notified

Email me when this CVE is updated: new fix versions, severity changes, or any record change.

HarborGuard Analysis

Synopsis

A stack-based buffer overflow exists in the vlsvr service on GeoVision GV-LPC2011 and GV-LPC2211 devices running firmware V1.12 and earlier. The vulnerability is reachable over the network without any authentication, triggered by sending crafted login data with an overly long input field that exceeds the bounds of a fixed-size stack buffer. Successful exploitation causes memory corruption, which an attacker can leverage to crash the service, deny legitimate access, or execute arbitrary code on the device. A patched-image rebuild at firmware version 1.13 is available on HarborGuard for affected environments.

HarborGuard Coverage

Detection

Detection is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images and pipeline builds, including custom-built images that package or derive from the affected GeoVision firmware. Coverage applies to images in both registry scans and active CI/CD pipelines.

Available
Triage

HarborGuard scores this CVE at 9.8 CRITICAL using the published CVSS v3.1 vector, and that score is weighted against each environment's compliance policy to determine urgency and routing. Triage findings are automatically directed to the appropriate team inbox within each customer organization based on configured ownership rules.

Available
Patch

A patched-image rebuild targeting firmware version 1.13 is available on HarborGuard for any environment running an affected version. For customers with auto-remediation enabled, HarborGuard performs the rebuild, runs a regression test suite against the updated image, and opens a pull request against affected workloads.

Available

Exploit Conditions

  • Network reachabilityRequired

    The attacker must reach the vlsvr service over the network; the CVSS vector specifies AV:N, meaning the vulnerable component is exposed to network-reachable traffic.

  • AuthenticationNot required

    No credentials are needed; PR:N confirms the attacker can send crafted login data to the service without holding any account or session.

  • Victim interactionNot required

    No user action is required; UI:N means the attacker triggers the overflow entirely by sending a malformed request to the service.

  • Attack complexityDetail

    Attack complexity is low (AC:L), meaning the exploit is reliable and imposes no special conditions such as race windows or specific memory layout requirements.

Blast Radius

  • The attacker can crash the vlsvr service, making the device unavailable for its access-control or license-plate-capture function.
  • The attacker can corrupt stack memory in a way that allows overwriting the return address and redirecting execution to attacker-supplied code, achieving arbitrary code execution on the device.
  • With code execution, the attacker reads stored configuration, credentials, or captured image data held by the device.
  • With code execution, the attacker modifies device configuration, disables security policies, or pivots to other systems on the same network segment.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-57881 is active across all scanning environments and will flag any image running GeoVision GV-LPC2011 or GV-LPC2211 firmware at version 1.12 or earlier. Because this is rated CRITICAL at 9.8, it is prioritized at the top of triage queues and routed immediately to the appropriate team based on each organization's ownership policy. A patched-image rebuild at version 1.13 is available; for customers with auto-remediation enabled, HarborGuard rebuilds the image, runs regression tests, and opens a pull request against affected workloads (median time from CVE publication to merged patch PR for critical-severity issues is around 90 minutes for environments with auto-remediation enabled). Where compliance policy does not permit auto-remediation, customers can apply the rebuild manually from the HarborGuard remediation panel. Until a rebuild is deployed, compensating controls such as network-policy rules that restrict inbound access to the vlsvr port to trusted source ranges are worth considering to reduce exposure.

See how HarborGuard automates this

Fix available

1.13
Affected packages
  • GeoVision Inc. / GV-LPCLPC2011/2211
    1.12
    Fixed in 1.13
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References