CVE-2026-42365

Summary

A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted series of HTTP requests can lead to an authentication bypas. An attacker can bruteforce session cookies to trigger this vulnerability.

Affected Software

VendorProductVersion RangeStatus
GeoVision Inc.GV-LPC2011/LPC22111.10affected
GeoVision Inc.GV-LPC2011/LPC22111.12unaffected

Weaknesses

  • CWE-341: CWE-341 Predictable from observable state

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References