What is CVE-2026-42364?

CVE-2026-42364 is a critical-severity vulnerability in Geovision Gv-lpc2011, classified under OS Command Injection. CVSS score: 9.9/10. Published 2026-05-04.

How severe is CVE-2026-42364?

Critical severity. CVSS v3 base score is 9.9 out of 10.

RCE in Geovision Gv-lpc2011

CVE-2026-42364

An os command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An attacker can modify a configuration val…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.001 (34.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.9 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.

Affected products

Geovision Gv-lpc2011
Geovision Gv-lpc2011_firmware — versions 1.10
Geovision Gv-lpc2211
Geovision Gv-lpc2211_firmware — versions 1.10
Geovision Inc. Gv-lpc2011/lpc2211 — versions 1.10, 1.12

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

0df08a0e-a200-4957-9bb0-084f562506f9 (vendor-advisory, Vendor Advisory)
0df08a0e-a200-4957-9bb0-084f562506f9 (Third Party Advisory, third-party-advisory)

Frequently asked questions

What is CVE-2026-42364?: CVE-2026-42364 is a critical-severity vulnerability in Geovision Gv-lpc2011, classified under OS Command Injection. CVSS score: 9.9/10. Published 2026-05-04.
How severe is CVE-2026-42364?: Critical severity. CVSS v3 base score is 9.9 out of 10.