PatchSiren cyber security CVE debrief
CVE-2026-42367 GeoVision Inc. CVE debrief
A medium-severity privilege escalation vulnerability, CVE-2026-42367, exists in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. This vulnerability allows a specially crafted HTTP request to lead to a credentials leak. An attacker can exploit this vulnerability by visiting a webpage.
- Vendor
- GeoVision Inc.
- Product
- GV-LPC2011/LPC2211
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-04
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-05-04
- Advisory updated
- 2026-06-15
Who should care
Users of GeoVision LPC2011/LPC2211 1.10 should be aware of this medium-severity vulnerability. An attacker could exploit this vulnerability to escalate privileges and potentially gain unauthorized access.
Technical summary
The vulnerability has a CVSS score of 6.5 and is classified as CWE-522. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.
Defensive priority
MEDIUM
Recommended defensive actions
- Apply patches or updates provided by the vendor (see resourceLinkAnnotations 'ref-5' for vendor advisory).
- Restrict access to the Web Interface / ssi.cgi functionality.
- Monitor for suspicious HTTP requests.
Evidence notes
The vulnerability was published on 2026-05-04T01:16:03.890Z and modified on 2026-06-15T21:16:53.493Z.
Official resources
-
CVE-2026-42367 CVE record
CVE.org
-
CVE-2026-42367 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
0df08a0e-a200-4957-9bb0-084f562506f9 - Third Party Advisory
-
Mitigation or vendor reference
0df08a0e-a200-4957-9bb0-084f562506f9 - Vendor Advisory
-
Source reference
af854a3a-2127-422b-91ae-364da2661108
CVE-2026-42367 was published on 2026-05-04T01:16:03.890Z and modified on 2026-06-15T21:16:53.493Z.