← voltar
CVE-2026-57872

GV-LPC2011/LPC2211 - unauthorized directory traversal vulnerability (get_fcont.cgi)

CVSS 7.5 HIGHEPSS 1.0%CWE-22
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 7.5EPSS 1.0%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
26 jun 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
An unauthenticated directory traversal vulnerability exists in get_fcont.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient validation of user-supplied file path input before the requested file is accessed by the CGI component. A remote attacker may exploit this vulnerability by sending a crafted request to read arbitrary files accessible to the affected process, resulting in information disclosure.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N