GeoVision LPC2011/LPC2211 OS Command Injection Vulnerability Allowing Arbitrary Command Execution

Vulnerability

A command injection vulnerability has been identified in the DdnsSetting.cgi functionality of GeoVision LPC2011 and LPC2211 versions 1.10. This vulnerability allows for arbitrary command execution by sending a specially crafted DDNS configuration. An attacker can exploit this by modifying a configuration value to trigger the command execution.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the affected device.

Added: May 4, 2026, 1:22 AM

Updated: May 4, 2026, 1:22 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

5.2

remediation

0.0

relevance

7.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

5.2

remediation

0.0

relevance

7.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

GeoVision LPC2011/LPC2211 OS Command Injection Vulnerability Allowing Arbitrary Command Execution

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating