top of page
perceptive_background_267k.jpg

An os command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted DDNS configuration can …

Published:

3 mei 2026 om 22:00:00

Alert date:

4 mei 2026 om 16:04:41

Source:

nvd.nist.gov

Click to open the original link from this advisory

Mobile & IoT, Network Infrastructure, Zero-Day Vulnerabilities

A critical OS command injection vulnerability (CVE-2026-42364) has been identified in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 version 1.10. The vulnerability allows attackers to execute arbitrary commands by crafting malicious DDNS configuration values. An attacker can exploit this flaw by modifying configuration parameters, leading to complete system compromise. The vulnerability affects the DDNS (Dynamic DNS) settings component of the affected GeoVision devices. This represents a high-severity security issue that could allow remote code execution on vulnerable systems.

Technical details

Mitigation steps:

Affected products:

GeoVision LPC2011
GeoVision LPC2211

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-42364
https://talosintelligence.com/vulnerability_reports/
https://www.geovision.com.tw/cyber_security.php

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page