GeoVision LPC2011/LPC2211 Web Interface / DdnsSetting.cgi OS command injection vulnerability
Details
CVSS v3
9.9
EPSS
0.1% probability · 34.5th percentile — 2026-05-11
Affected versions
GeoVision LPC2011/LPC2211 firmware version 1.10
Summary
This OS command injection vulnerability exists in the DdnsSetting.cgi functionality of affected GeoVision access control devices. Attackers can modify a malicious DDNS configuration value to inject arbitrary operating system commands. Successful exploitation leads to full remote arbitrary command execution on the affected device.
Remediation
Apply the latest official firmware update from GeoVision that addresses this vulnerability. Restrict external network access to the device's web interface to prevent untrusted users from accessing the vulnerable endpoint.
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.